Lucene search

[email protected]NVD:CVE-2014-6237

HistorySep 11, 2014 - 2:16 p.m.

CVE-2014-6237

2014-09-1114:16:05

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Cross-site scripting (XSS) vulnerability in the News Pack extension 0.1.0 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Nvd

Node

news_pack_projectnews_packMatch0.1.0typo3

VendorProductVersionCPE
news_pack_projectnews_pack0.1.0cpe:2.3:a:news_pack_project:news_pack:0.1.0:*:*:*:*:typo3:*:*

Vendor	Product	Version	CPE
news_pack_project	news_pack	0.1.0	cpe:2.3:a:news_pack_project:news_pack:0.1.0:::::typo3::

References

typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010

www.securityfocus.com/bid/69567

exchange.xforce.ibmcloud.com/vulnerabilities/95708

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

38.4%

JSON

Related for NVD:CVE-2014-6237

prion1 cvelist1 cve1 typo31