Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2014-8917
HistoryJan 28, 2015 - 10:59 p.m.

CVE-2014-8917

2015-01-2822:59:00
CWE-79
[email protected]
web.nvd.nist.gov
2

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

NVD
Node
ibmsocial_media_analyticsRangeโ‰ค1.3.0.0
Node
ibmfinancial_transaction_managerMatch2.0.0.0
OR
ibmfinancial_transaction_managerMatch2.0.0.1
OR
ibmfinancial_transaction_managerMatch2.0.0.2
OR
ibmfinancial_transaction_managerMatch2.0.0.3
OR
ibmfinancial_transaction_managerMatch2.1.0.0
OR
ibmfinancial_transaction_managerMatch2.1.0.1
OR
ibmfinancial_transaction_managerMatch2.1.0.2
OR
ibmfinancial_transaction_managerMatch2.1.1.0
OR
ibmfinancial_transaction_managerMatch2.1.1.1
OR
ibmfinancial_transaction_managerMatch3.0.0.0
OR
ibmfinancial_transaction_manager_for_check_servicesMatch2.1.1.8
OR
ibmfinancial_transaction_manager_for_corporate_payment_servicesMatch2.1.1.0

Related

cve 1
ibm 24
cvelist 1
nessus 1
prion 1
cve
cve
CVE-2014-8917
2015-01-28 22:59:00
ibm
ibm
Security Bulletin: A Security vulnerability in the IBM Dojo Toolkit affects InfoSphere Big Insights (CVE-2014-8917)
2021-04-08 20:59:42
Security Bulletin: A Security Vulnerability exists in the Dojo runtime that affects Rational Software Architect and Rational Software Architect for Websphere Software
2020-09-10 15:43:59
Security Bulletin: Multiple IBM InfoSphere Information Server components are affected by a vulnerability in IBM Dojo Toolkit (CVE-2014-8917)
2018-06-16 14:07:30
cvelist
cvelist
CVE-2014-8917
2015-01-28 22:00:00
nessus
nessus
IBM WebSphere Application Server 8.0.0.x < 8.0.0.11 / 8.5.x < 8.5.5.6 XSS (CVE-2014-8917)
2020-10-30 00:00:00
prion
prion
Cross site scripting
2015-01-28 22:59:00

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.5 Medium

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

73.4%

JSON
Related for NVD:CVE-2014-8917
cve1ibm24cvelist1nessus1prion1