Lucene search

[email protected]NVD:CVE-2015-4665

HistoryAug 13, 2015 - 2:59 p.m.

CVE-2015-4665

2015-08-1314:59:04

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.

Affected configurations

NVD

Node

xceediumxsuiteMatch2.3.0

xceediumxsuiteMatch2.4.3.0

References

packetstormsecurity.com/files/132809/Xceedium-Xsuite-Command-Injection-XSS-Traversal-Escalation.html

www.modzero.ch/advisories/MZ-15-02-Xceedium-Xsuite.txt

support.ca.com/us/product-content/recommended-reading/security-notices/ca20180614-01--security-notice-for-ca-privileged-access-manager.html

www.exploit-db.com/exploits/37708/

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.6 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for NVD:CVE-2015-4665

prion1 cve1 cvelist1 openvas1 securityvulns1 packetstorm1 exploitpack1 exploitdb1