Lucene search

[email protected]NVD:CVE-2014-1914

HistoryFeb 07, 2014 - 3:48 p.m.

CVE-2014-1914

2014-02-0715:48:57

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to sw/chat/message.php.

Affected configurations

NVD

Node

doug_poulincommand_school_student_management_systemMatch1.06.01

References

osvdb.org/101891

osvdb.org/101892

packetstormsecurity.com/files/124708/Command-School-Student-Management-System-1.06.01-SQL-Injection-CSRF-XSS.html

www.securityfocus.com/bid/64707

exchange.xforce.ibmcloud.com/vulnerabilities/90178

exchange.xforce.ibmcloud.com/vulnerabilities/90179

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Related for NVD:CVE-2014-1914

cve2 cvelist2 prion2 nvd1