openvas
Copyright (C) 2014 Greenbone AG
OPENVAS:1361412562310105103
History: Nov 03, 2014 - 12:00 a.m.

Scalix Web Access <= 11.4.6.12377, 12.x <= 12.2.0.14697 XXE and XSS Vulnerability

2014-11-03 00:00:00
plugins.openvas.org

CVSS2: 6.4 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score: 5.9 Medium (Confidence: High)

EPSS: 0.004 Low (Percentile: 72.3%)

Scalix Web Access is prone to an XML external entity (XXE)
injection and to a cross-site scripting (XSS) vulnerability.

# SPDX-FileCopyrightText: 2014 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later

CPE = "cpe:/a:scalix:scalix";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.105103");
  script_cve_id("CVE-2014-9352", "CVE-2014-9360");
  script_tag(name:"cvss_base", value:"6.4");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:N");
  script_version("2024-06-28T15:38:46+0000");

  script_name("Scalix Web Access <= 11.4.6.12377, 12.x <= 12.2.0.14697 XXE and XSS Vulnerability");

  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/70857");
  script_xref(name:"URL", value:"http://www.securityfocus.com/bid/70859");

  script_tag(name:"impact", value:"Attackers can exploit the XML External Entity Injection to obtain
  potentially sensitive information. This may lead to further attacks. An attacker may leverage the
  Cross Site Scripting issue to execute arbitrary script code in the browser of an unsuspecting user
  in the context of the affected site. This may allow the attacker to steal cookie-based
  authentication credentials and launch other attacks.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"solution", value:"Ask the Vendor for an update.");

  script_tag(name:"solution_type", value:"VendorFix");

  script_tag(name:"summary", value:"Scalix Web Access is prone to an XML external entity (XXE)
  injection and to a cross-site scripting (XSS) vulnerability.");

  script_tag(name:"affected", value:"Scalix Web Access versions 11.4.6.12377 and 12.2.0.14697 are
  vulnerable. Older versions might be affected as well.");

  script_tag(name:"last_modification", value:"2024-06-28 15:38:46 +0000 (Fri, 28 Jun 2024)");
  script_tag(name:"creation_date", value:"2014-11-03 14:30:39 +0100 (Mon, 03 Nov 2014)");
  script_category(ACT_GATHER_INFO);
  script_tag(name:"qod_type", value:"remote_banner");
  script_family("Web application abuses");
  script_copyright("Copyright (C) 2014 Greenbone AG");
  script_dependencies("gb_scalix_detect.nasl");
  script_mandatory_keys("scalix/installed");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if( ! port = get_app_port( cpe:CPE ) )
  exit( 0 );

if( ! vers = get_app_version( cpe:CPE, port:port ) )
  exit( 0 );

if( version_in_range( version:vers, test_version:"12.0", test_version2:"12.2.0.14697" ) ||
    version_is_less_equal( version:vers, test_version:"11.4.6.12377" ) ) {
  report = report_fixed_ver( installed_version:vers, fixed_version:"Contact vendor" );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );
