7 matches found
Linux Distros Unpatched Vulnerability : CVE-2014-6439
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or...
at.molindo:esi4j (>=0.3.0 <=1.0.1), be.thematchbox:AbstractRiver (=1.0.1) +301 more potentially affected by CVE-2014-6439 via org.elasticsearch:elasticsearch (>=0.6.0 <=1.4.0)
org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.3.0, =1.0.0, =0.1PRE4, =0.1PRE4, =0.1PRE4, =0.1PRE4, =0.0.1, =0.1.13, =0.1.1, =0.8.1, =0.1.0, =1.0, =1.0.0, =1.1.2, =1.8.0 and more Source cves: CVE-2014-6439 Source advisory: OSV:GHSA-8699-M855-CWQF...
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
UBUNTU-CVE-2014-6439
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2014-6439
The CVE-2014-6439 entry tracks a Cross-site Scripting (XSS) vulnerability in the CORS functionality of Elasticsearch prior to 1.4.0.Beta1. The issue could allow remote attackers to inject arbitrary script/HTML via unspecified vectors. Public references confirm this XSS surface is tied to Elastics...
Elasticsearch vulnerability CVE-2014-6439
Summary: Elasticsearch versions 1.3.x and prior have a default configuration for CORS that allows an attacker to craft links that could cause a user’s browser to send requests to Elasticsearch instances on their local network. These requests could cause data loss or compromise. We have been...