Lucene search

PRIOn knowledge basePRION:CVE-2013-2137

HistoryAug 15, 2013 - 4:55 p.m.

Cross site scripting

2013-08-1516:55:00

PRIOn knowledge base

www.prio-n.com

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.5%

JSON

Cross-site scripting (XSS) vulnerability in the “View Log” screen in the Webtools application in Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPENameOperatorVersion
ofbizeq12.04.01
ofbizeq11.04.01
ofbizeq11.04.02
ofbizeq10.04.01
ofbizeq10.04.02
ofbizeq10.04.03
ofbizeq10.04.04
ofbizeq10.04.05

Name	Operator	Version
ofbiz	eq	12.04.01
ofbiz	eq	11.04.01
ofbiz	eq	11.04.02
ofbiz	eq	10.04.01
ofbiz	eq	10.04.02
ofbiz	eq	10.04.03
ofbiz	eq	10.04.04
ofbiz	eq	10.04.05

References

archives.neohapsis.com/archives/bugtraq/2013-07/0144.html

ofbiz.apache.org/download.html

osvdb.org/95523

secunia.com/advisories/53910

www.securityfocus.com/bid/61370

exchange.xforce.ibmcloud.com/vulnerabilities/85874

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

49.5%

JSON

Related for PRION:CVE-2013-2137