Lucene search

[email protected]NVD:CVE-2013-2618

HistoryJun 05, 2014 - 8:55 p.m.

CVE-2013-2618

2014-06-0520:55:05

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

JSON

Cross-site scripting (XSS) vulnerability in editor.php in Network Weathermap before 0.97b allows remote attackers to inject arbitrary web script or HTML via the map_title parameter.

Affected configurations

NVD

Node

network-weathermap.network_weathermapRange≤0.97a

References

osvdb.org/91869

packetstormsecurity.com/files/121034/Network-Weathermap-0.97a-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2013/Apr/1

www.exploit-db.com/exploits/24913

www.network-weathermap.com/content/security-notice-cve-2013-2618-network-weathermap-097a-persistent-xss

www.securityfocus.com/bid/58793

exchange.xforce.ibmcloud.com/vulnerabilities/83187

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.133 Low

EPSS

Percentile

95.6%

JSON

Related for NVD:CVE-2013-2618

checkpoint_advisories1 seebug1 f51 packetstorm1 cve1 zdt1 exploitpack1 attackerkb1 prion1 cvelist1 exploitdb1