Lucene search

[email protected]NVD:CVE-2015-1040

HistoryJan 15, 2015 - 3:59 p.m.

CVE-2015-1040

2015-01-1515:59:28

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.03

Percentile

91.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in the administrative backend in BEdita 3.4.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lrealname field in the editProfile form to index.php/home/profile; the (2) data[title] or (3) data[description] field in the addQuickItem form to index.php; the (4) “note text” field in the saveNote form to index.php/areas; or the (5) titleBEObject or (6) tagsArea field in the updateForm form to index.php/documents/view.

Affected configurations

Nvd

Node

beditabeditaMatch3.4.0

VendorProductVersionCPE
beditabedita3.4.0cpe:2.3:a:bedita:bedita:3.4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
bedita	bedita	3.4.0	cpe:2.3:a:bedita:bedita:3.4.0:::::::*

References

packetstormsecurity.com/files/129865/CMS-BEdita-3.4.0-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2015/Jan/16

seclists.org/oss-sec/2015/q1/115

sroesemann.blogspot.de/2014/12/sroeadv-2014-10.html

www.securityfocus.com/bid/71949

github.com/bedita/bedita/issues/566

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.4

Confidence

High

EPSS

0.03

Percentile

91.1%

JSON

Related for NVD:CVE-2015-1040

cvelist1 prion1 cve1