ID SECURITYVULNS:DOC:31534Type securityvulnsReporter SecurityvulnsModified 2014-12-22T00:00:00
Description
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
CVE-2014-2026
"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability
in "Intrexx Professional" product
Vendor
United Planet GmbH
Product
"Intrexx is an integrated cross-platform development environment for the creation
and operation of web-based applications, enterprise portals and intranet portals."
- source: https://en.wikipedia.org/wiki/Intrexx
Affected versions
This vulnerability affects versions of Intrexx Professional 6.0 (prior to Online Update 10)
and 5.2 (prior to Online Update 0905)
Patch availability
The vendor has released the following fixes:
"Online Update 10" or later for Intrexx Professional 6.0 users
"Online Update 0905" or later for Intrexx Professional 5.2 users
Reported by
This issue was reported to the vendor by Christian Schneider (@cschneider4711)
following a responsible disclosure process.
Severity
Medium
Exploitability
Victim needs to visit malicious webpage of attacker
Description
Using the request parameter of the search functionality it is possible to execute
Reflected Cross-Site Scripting (XSS) attacks. This enables attackers to impersonate
victim users (in context of the origin exposing the portal) when logged-in victims
are accessing attacker supplied links/sites.
Proof of concept
Due to the responsible disclosure process chosen and to not harm unpatched systems,
no concrete exploit code will be presented in this advisory.
References
https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018
https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32#{1}
http://www.christian-schneider.net/advisories/CVE-2014-2026.txt
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iQIcBAEBAgAGBQJUjhC3AAoJEEDB74comLC+PQEP/3uN8CfRfZWMrWjcjZUl/OQf
d9ohQf1xyHxqC2IARrJcYVTHP1i/4VhnkFGd2Q0yrRqVEzlN84qgyXArkBW9RDkR
OgMkT3oqIERywpq3M9A91Jdb5LrdiFCKPj9kBbcXmsgsgZIPXlJSCQ92IoyepTrL
rYw9mUUkN+qxu07xPS2gdzYtpv51PoW2svZFnQKEbXa9wl8Yw5PcPqvYJkxG/TJv
KDD1U0k9d7Y5mLlvnVil8ANvDoXVD5YrNFX80pHi0hBbMQvchj2OOpq8Mia7IIjK
E4GjfshwZ4XZfSlNEu7ESoKdXxOwbm9M2N5a5DwiuXOwQLh6UKrZRPQMzz6L3HyX
KBjAodTGMPGtO8YHTJVsWIQpsB+gENUudxpcOJ8jnHMOwEp8T0zMHeWjaZpj2Gzm
3jrRjuScT8FzJMEudBSLFwZy+Ce6rC9PA4mmPqNKADW+E32vmt17HV1wO007k84H
LgmBkpvGh+ZefIhCNfKm6i6PfxFePqQZMycAJYwdF1P3IpVRHVW/o45XAyWZHOjU
/wRJpwlETJjSicibVcbx7hZxv1gjPwOoePeyMK6PciD0W3jdjRsABaOfQeJ5gQgL
BGfrziuu0uBnMTFWM5OJD8WW4qdWmgjQEh+xH4HErWOAV5VQJFABmkIfWfVD6vhK
yHJz6lRSMRhhVCxL6E3A
=fTQM
-----END PGP SIGNATURE-----
{"id": "SECURITYVULNS:DOC:31534", "bulletinFamily": "software", "title": "CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in "Intrexx Professional"", "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n\r\nCVE-2014-2026\r\n===================\r\n"Reflected Cross-Site Scripting (XSS)" (CWE-79) vulnerability\r\nin "Intrexx Professional" product\r\n\r\n\r\nVendor\r\n===================\r\nUnited Planet GmbH\r\n\r\n\r\nProduct\r\n===================\r\n"Intrexx is an integrated cross-platform development environment for the creation \r\nand operation of web-based applications, enterprise portals and intranet portals."\r\n - source: https://en.wikipedia.org/wiki/Intrexx\r\n\r\n\r\nAffected versions\r\n===================\r\nThis vulnerability affects versions of Intrexx Professional 6.0 (prior to Online Update 10) \r\nand 5.2 (prior to Online Update 0905)\r\n\r\n\r\nPatch availability\r\n===================\r\nThe vendor has released the following fixes:\r\n"Online Update 10" or later for Intrexx Professional 6.0 users\r\n"Online Update 0905" or later for Intrexx Professional 5.2 users\r\n\r\n\r\nReported by\r\n===================\r\nThis issue was reported to the vendor by Christian Schneider (@cschneider4711) \r\nfollowing a responsible disclosure process.\r\n\r\n\r\nSeverity\r\n===================\r\nMedium\r\n\r\n\r\nExploitability\r\n===================\r\nVictim needs to visit malicious webpage of attacker\r\n\r\n\r\nDescription\r\n===================\r\nUsing the request parameter of the search functionality it is possible to execute \r\nReflected Cross-Site Scripting (XSS) attacks. This enables attackers to impersonate \r\nvictim users (in context of the origin exposing the portal) when logged-in victims \r\nare accessing attacker supplied links/sites.\r\n\r\n\r\nProof of concept\r\n===================\r\nDue to the responsible disclosure process chosen and to not harm unpatched systems, \r\nno concrete exploit code will be presented in this advisory.\r\n\r\n\r\nReferences\r\n===================\r\nhttps://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018\r\n\r\nhttps://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32#{1}\r\n\r\nhttp://www.christian-schneider.net/advisories/CVE-2014-2026.txt\r\n\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.9 (Darwin)\r\n\r\niQIcBAEBAgAGBQJUjhC3AAoJEEDB74comLC+PQEP/3uN8CfRfZWMrWjcjZUl/OQf\r\nd9ohQf1xyHxqC2IARrJcYVTHP1i/4VhnkFGd2Q0yrRqVEzlN84qgyXArkBW9RDkR\r\nOgMkT3oqIERywpq3M9A91Jdb5LrdiFCKPj9kBbcXmsgsgZIPXlJSCQ92IoyepTrL\r\nrYw9mUUkN+qxu07xPS2gdzYtpv51PoW2svZFnQKEbXa9wl8Yw5PcPqvYJkxG/TJv\r\nKDD1U0k9d7Y5mLlvnVil8ANvDoXVD5YrNFX80pHi0hBbMQvchj2OOpq8Mia7IIjK\r\nE4GjfshwZ4XZfSlNEu7ESoKdXxOwbm9M2N5a5DwiuXOwQLh6UKrZRPQMzz6L3HyX\r\nKBjAodTGMPGtO8YHTJVsWIQpsB+gENUudxpcOJ8jnHMOwEp8T0zMHeWjaZpj2Gzm\r\n3jrRjuScT8FzJMEudBSLFwZy+Ce6rC9PA4mmPqNKADW+E32vmt17HV1wO007k84H\r\nLgmBkpvGh+ZefIhCNfKm6i6PfxFePqQZMycAJYwdF1P3IpVRHVW/o45XAyWZHOjU\r\n/wRJpwlETJjSicibVcbx7hZxv1gjPwOoePeyMK6PciD0W3jdjRsABaOfQeJ5gQgL\r\nBGfrziuu0uBnMTFWM5OJD8WW4qdWmgjQEh+xH4HErWOAV5VQJFABmkIfWfVD6vhK\r\nyHJz6lRSMRhhVCxL6E3A\r\n=fTQM\r\n-----END PGP SIGNATURE-----\r\n\r\n", "published": "2014-12-22T00:00:00", "modified": "2014-12-22T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:31534", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2014-2026"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:56", "edition": 1, "viewCount": 48, "enchantments": {"score": {"value": 6.3, "vector": "NONE", "modified": "2018-08-31T11:10:56", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2026"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14155"]}], "modified": "2018-08-31T11:10:56", "rev": 2}, "vulnersScore": 6.3}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}
{"cve": [{"id": "CVE-2014-2026", "bulletinFamily": "NVD", "title": "CVE-2014-2026", "description": "Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.", "published": "2014-12-19T15:59:00", "modified": "2018-10-09T19:43:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2026", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/archive/1/534230/100/0/threaded", "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html", "http://www.securityfocus.com/bid/71673", "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32", "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt"], "cvelist": ["CVE-2014-2026"], "type": "cve", "lastseen": "2021-04-22T23:44:05", "history": [{"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "eq", "version": "6.0"}, {"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "le", "version": "5.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:unitedplanet:intrexx:5.2", "cpe:/a:unitedplanet:intrexx:6.0"], "cpe23": ["cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*", "versionEndIncluding": "5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2026"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.", "edition": 6, "enchantments": {"dependencies": {"modified": "2021-02-02T06:14:27", "references": [{"idList": ["SECURITYVULNS:VULN:14155", "SECURITYVULNS:DOC:31534"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2021-02-02T06:14:27", "rev": 2, "value": 4.6, "vector": "NONE"}}, "extraReferences": [{"name": "71673", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/71673"}, {"name": "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt", "refsource": "MISC", "tags": [], "url": "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt"}, {"name": "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html", "refsource": "MISC", "tags": [], "url": "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html"}, {"name": "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32"}, {"name": "20141214 CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in \"Intrexx Professional\"", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/534230/100/0/threaded"}], "hash": "f13c09a3ccf7152d0bfd7b50af675a667aa922125243f4813db4c790ea654988", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "bdd5f187a233e2ae7401ff86db162972", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b344145c06e807f8c6866f9125076821", "key": "modified"}, {"hash": "f34dbd0755d18dec293098ce8f24f26a", "key": "title"}, {"hash": "0667fdedf9a42f4e93b4931c21a5b1c2", "key": "extraReferences"}, {"hash": "a7fc68a8c27b61a5c41edfd4585e6fd3", "key": "cvelist"}, {"hash": "162f31744a95df2647689927e2c9f350", "key": "affectedSoftware"}, {"hash": "a82365aadea961d0605a1a01061dafcd", "key": "description"}, {"hash": "b4bd27d4fd1e8e76b0722c790735b87f", "key": "cpe23"}, {"hash": "fb571493bf863f7fc1d130149c311053", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "72bb8363f7936a57718b734f3882a672", "key": "cpe"}, {"hash": "132100a7574bf1ff6b61dc337aab293d", "key": "references"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a710b1cc9b782b051417dc5377eb610d", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2026", "id": "CVE-2014-2026", "immutableFields": [], "lastseen": "2021-02-02T06:14:27", "modified": "2018-10-09T19:43:00", "objectVersion": "1.5", "published": "2014-12-19T15:59:00", "references": ["http://www.securityfocus.com/archive/1/534230/100/0/threaded", "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html", "http://www.securityfocus.com/bid/71673", "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32", "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt"], "reporter": "cve@mitre.org", "title": "CVE-2014-2026", "type": "cve", "viewCount": 2}, "different_elements": ["cpeConfiguration"], "edition": 6, "lastseen": "2021-02-02T06:14:27"}, {"bulletin": {"affectedSoftware": [{"name": "unitedplanet intrexx", "operator": "le", "version": "5.2"}, {"name": "unitedplanet intrexx", "operator": "eq", "version": "6.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:unitedplanet:intrexx:6.0"], "cpe23": ["cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*"], "cvelist": ["CVE-2014-2026"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.", "edition": 1, "enchantments": {"dependencies": {"modified": "2019-05-29T18:13:44", "references": [{"idList": ["SECURITYVULNS:VULN:14155", "SECURITYVULNS:DOC:31534"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2019-05-29T18:13:44", "rev": 2, "value": 4.6, "vector": "NONE"}}, "hash": "35071c55756eeb17afbf20fe9b000dbe116aeda2dfc45692fdc54313aab67b9e", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "e0e709d4f6d3f83936ac570e16477124", "key": "cpe"}, {"hash": "b344145c06e807f8c6866f9125076821", "key": "modified"}, {"hash": "f34dbd0755d18dec293098ce8f24f26a", "key": "title"}, {"hash": "a7fc68a8c27b61a5c41edfd4585e6fd3", "key": "cvelist"}, {"hash": "a82365aadea961d0605a1a01061dafcd", "key": "description"}, {"hash": "fb571493bf863f7fc1d130149c311053", "key": "published"}, {"hash": "498ff891d01a856c1eb7494219e6c3e6", "key": "cpe23"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "132100a7574bf1ff6b61dc337aab293d", "key": "references"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "9d49eb633c1b7a2b79778f04b172b32f", "key": "affectedSoftware"}, {"hash": "a710b1cc9b782b051417dc5377eb610d", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2026", "id": "CVE-2014-2026", "lastseen": "2019-05-29T18:13:44", "modified": "2018-10-09T19:43:00", "objectVersion": "1.3", "published": "2014-12-19T15:59:00", "references": ["http://www.securityfocus.com/archive/1/534230/100/0/threaded", "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html", "http://www.securityfocus.com/bid/71673", "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32", "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt"], "reporter": "cve@mitre.org", "title": "CVE-2014-2026", "type": "cve", "viewCount": 0}, "differentElements": ["cpe23", "cpe", "affectedSoftware"], "edition": 1, "lastseen": "2019-05-29T18:13:44"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "eq", "version": "6.0"}, {"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "le", "version": "5.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:unitedplanet:intrexx:5.2", "cpe:/a:unitedplanet:intrexx:6.0"], "cpe23": ["cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*", "versionEndIncluding": "5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2026"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.", "edition": 5, "enchantments": {"dependencies": {"modified": "2020-12-09T19:58:22", "references": [{"idList": ["SECURITYVULNS:VULN:14155", "SECURITYVULNS:DOC:31534"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2020-12-09T19:58:22", "rev": 2, "value": 4.6, "vector": "NONE"}}, "extraReferences": [], "hash": "c71dfa84307cba877ad67438df29061edbde5e93c8069dafd35a1677e19d09bd", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "bdd5f187a233e2ae7401ff86db162972", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b344145c06e807f8c6866f9125076821", "key": "modified"}, {"hash": "f34dbd0755d18dec293098ce8f24f26a", "key": "title"}, {"hash": "a7fc68a8c27b61a5c41edfd4585e6fd3", "key": "cvelist"}, {"hash": "162f31744a95df2647689927e2c9f350", "key": "affectedSoftware"}, {"hash": "a82365aadea961d0605a1a01061dafcd", "key": "description"}, {"hash": "b4bd27d4fd1e8e76b0722c790735b87f", "key": "cpe23"}, {"hash": "fb571493bf863f7fc1d130149c311053", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "72bb8363f7936a57718b734f3882a672", "key": "cpe"}, {"hash": "132100a7574bf1ff6b61dc337aab293d", "key": "references"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "extraReferences"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a710b1cc9b782b051417dc5377eb610d", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2026", "id": "CVE-2014-2026", "lastseen": "2020-12-09T19:58:22", "modified": "2018-10-09T19:43:00", "objectVersion": "1.3", "published": "2014-12-19T15:59:00", "references": ["http://www.securityfocus.com/archive/1/534230/100/0/threaded", "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html", "http://www.securityfocus.com/bid/71673", "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32", "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt"], "reporter": "cve@mitre.org", "title": "CVE-2014-2026", "type": "cve", "viewCount": 1}, "differentElements": ["extraReferences"], "edition": 5, "lastseen": "2020-12-09T19:58:22"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "le", "version": "*"}, {"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "eq", "version": "6.0"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:unitedplanet:intrexx:5.2", "cpe:/a:unitedplanet:intrexx:6.0"], "cpe23": ["cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*"], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*", "versionEndIncluding": "5.2", "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "cvelist": ["CVE-2014-2026"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.", "edition": 4, "enchantments": {"dependencies": {"modified": "2020-11-29T23:21:54", "references": [{"idList": ["SECURITYVULNS:VULN:14155", "SECURITYVULNS:DOC:31534"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2020-11-29T23:21:54", "rev": 2, "value": 4.6, "vector": "NONE"}}, "hash": "100cbecd3458358e7caa035a6d8c50a038c7ab7bdb3a97adc9075f30b02e9d16", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "bdd5f187a233e2ae7401ff86db162972", "key": "cpeConfiguration"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b344145c06e807f8c6866f9125076821", "key": "modified"}, {"hash": "f34dbd0755d18dec293098ce8f24f26a", "key": "title"}, {"hash": "a7fc68a8c27b61a5c41edfd4585e6fd3", "key": "cvelist"}, {"hash": "a82365aadea961d0605a1a01061dafcd", "key": "description"}, {"hash": "b4bd27d4fd1e8e76b0722c790735b87f", "key": "cpe23"}, {"hash": "fb571493bf863f7fc1d130149c311053", "key": "published"}, {"hash": "cfbc97404a62c15b91475e8c68f7ef32", "key": "affectedSoftware"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "72bb8363f7936a57718b734f3882a672", "key": "cpe"}, {"hash": "132100a7574bf1ff6b61dc337aab293d", "key": "references"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a710b1cc9b782b051417dc5377eb610d", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2026", "id": "CVE-2014-2026", "lastseen": "2020-11-29T23:21:54", "modified": "2018-10-09T19:43:00", "objectVersion": "1.3", "published": "2014-12-19T15:59:00", "references": ["http://www.securityfocus.com/archive/1/534230/100/0/threaded", "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html", "http://www.securityfocus.com/bid/71673", "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32", "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt"], "reporter": "cve@mitre.org", "title": "CVE-2014-2026", "type": "cve", "viewCount": 1}, "differentElements": ["affectedSoftware"], "edition": 4, "lastseen": "2020-11-29T23:21:54"}, {"bulletin": {"affectedConfiguration": [], "affectedSoftware": [{"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "eq", "version": "6.0"}, {"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "le", "version": "5.2"}], "bulletinFamily": "NVD", "cpe": ["cpe:/a:unitedplanet:intrexx:5.2", "cpe:/a:unitedplanet:intrexx:6.0"], "cpe23": ["cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*"], "cpeConfiguration": {}, "cvelist": ["CVE-2014-2026"], "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cwe": ["CWE-79"], "description": "Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.", "edition": 2, "enchantments": {"dependencies": {"modified": "2020-09-21T14:15:40", "references": [{"idList": ["SECURITYVULNS:VULN:14155", "SECURITYVULNS:DOC:31534"], "type": "securityvulns"}], "rev": 2}, "score": {"modified": "2020-09-21T14:15:40", "rev": 2, "value": 4.6, "vector": "NONE"}}, "hash": "2250862f1ccf2df985d033518669690073f61912de94d17f24487dbcff14dc9f", "hashmap": [{"hash": "25131d66a9f3961140b068f4b41aa42b", "key": "cvss2"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "affectedConfiguration"}, {"hash": "b344145c06e807f8c6866f9125076821", "key": "modified"}, {"hash": "f34dbd0755d18dec293098ce8f24f26a", "key": "title"}, {"hash": "a7fc68a8c27b61a5c41edfd4585e6fd3", "key": "cvelist"}, {"hash": "162f31744a95df2647689927e2c9f350", "key": "affectedSoftware"}, {"hash": "a82365aadea961d0605a1a01061dafcd", "key": "description"}, {"hash": "b4bd27d4fd1e8e76b0722c790735b87f", "key": "cpe23"}, {"hash": "fb571493bf863f7fc1d130149c311053", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpeConfiguration"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvss3"}, {"hash": "72bb8363f7936a57718b734f3882a672", "key": "cpe"}, {"hash": "132100a7574bf1ff6b61dc337aab293d", "key": "references"}, {"hash": "34e69e045b64924bccf865d56b6918a2", "key": "cwe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a710b1cc9b782b051417dc5377eb610d", "key": "href"}, {"hash": "444c2b4dda4a55437faa8bef1a141e84", "key": "reporter"}, {"hash": "f74a1c24e49a5ecb0eefb5e51d4caa14", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-2026", "id": "CVE-2014-2026", "lastseen": "2020-09-21T14:15:40", "modified": "2018-10-09T19:43:00", "objectVersion": "1.3", "published": "2014-12-19T15:59:00", "references": ["http://www.securityfocus.com/archive/1/534230/100/0/threaded", "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html", "http://www.securityfocus.com/bid/71673", "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32", "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt"], "reporter": "cve@mitre.org", "title": "CVE-2014-2026", "type": "cve", "viewCount": 0}, "differentElements": ["cpeConfiguration"], "edition": 2, "lastseen": "2020-09-21T14:15:40"}], "edition": 7, "hashmap": [{"key": "affectedConfiguration", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "affectedSoftware", "hash": "162f31744a95df2647689927e2c9f350"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "72bb8363f7936a57718b734f3882a672"}, {"key": "cpe23", "hash": "b4bd27d4fd1e8e76b0722c790735b87f"}, {"key": "cpeConfiguration", "hash": "a7344cfc3c0b692bcf692ff161c23eae"}, {"key": "cvelist", "hash": "a7fc68a8c27b61a5c41edfd4585e6fd3"}, {"key": "cvss", "hash": "f74a1c24e49a5ecb0eefb5e51d4caa14"}, {"key": "cvss2", "hash": "25131d66a9f3961140b068f4b41aa42b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "34e69e045b64924bccf865d56b6918a2"}, {"key": "description", "hash": "a82365aadea961d0605a1a01061dafcd"}, {"key": "extraReferences", "hash": "0667fdedf9a42f4e93b4931c21a5b1c2"}, {"key": "href", "hash": "a710b1cc9b782b051417dc5377eb610d"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "b344145c06e807f8c6866f9125076821"}, {"key": "published", "hash": "fb571493bf863f7fc1d130149c311053"}, {"key": "references", "hash": "132100a7574bf1ff6b61dc337aab293d"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "f34dbd0755d18dec293098ce8f24f26a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "38892fe04715743a6ef21f1a91d9c54bf61dd3ed4e6d5723e9e65e751f9283ee", "viewCount": 9, "enchantments": {"dependencies": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31534", "SECURITYVULNS:VULN:14155"]}], "modified": "2021-04-22T23:44:05", "rev": 2}, "score": {"value": 4.6, "vector": "NONE", "modified": "2021-04-22T23:44:05", "rev": 2}}, "objectVersion": "1.5", "cpe": ["cpe:/a:unitedplanet:intrexx:5.2", "cpe:/a:unitedplanet:intrexx:6.0"], "affectedSoftware": [{"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "eq", "version": "6.0"}, {"cpeName": "unitedplanet:intrexx", "name": "unitedplanet intrexx", "operator": "le", "version": "5.2"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {}, "cpe23": ["cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"children": [], "cpe_match": [{"cpe23Uri": "cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:unitedplanet:intrexx:5.2:*:*:*:professional:*:*:*", "cpe_name": [], "versionEndIncluding": "5.2", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "71673", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/71673"}, {"name": "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt", "refsource": "MISC", "tags": [], "url": "http://www.christian-schneider.net/advisories/CVE-2014-2026.txt"}, {"name": "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html", "refsource": "MISC", "tags": [], "url": "http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html"}, {"name": "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32", "refsource": "CONFIRM", "tags": ["Vendor Advisory"], "url": "https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32"}, {"name": "20141214 CVE-2014-2026 Reflected Cross-Site Scripting (XSS) in \"Intrexx Professional\"", "refsource": "BUGTRAQ", "tags": [], "url": "http://www.securityfocus.com/archive/1/534230/100/0/threaded"}], "immutableFields": []}], "securityvulns": [{"id": "SECURITYVULNS:VULN:14155", "bulletinFamily": "software", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "published": "2014-12-22T00:00:00", "modified": "2014-12-22T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14155", "reporter": " ", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31538", "https://vulners.com/securityvulns/securityvulns:doc:31514", "https://vulners.com/securityvulns/securityvulns:doc:31516", "https://vulners.com/securityvulns/securityvulns:doc:31531", "https://vulners.com/securityvulns/securityvulns:doc:31545", "https://vulners.com/securityvulns/securityvulns:doc:31546", "https://vulners.com/securityvulns/securityvulns:doc:31547", "https://vulners.com/securityvulns/securityvulns:doc:31515", "https://vulners.com/securityvulns/securityvulns:doc:31521", "https://vulners.com/securityvulns/securityvulns:doc:31517", "https://vulners.com/securityvulns/securityvulns:doc:31518", "https://vulners.com/securityvulns/securityvulns:doc:31526", "https://vulners.com/securityvulns/securityvulns:doc:31542", "https://vulners.com/securityvulns/securityvulns:doc:31541", "https://vulners.com/securityvulns/securityvulns:doc:31522", "https://vulners.com/securityvulns/securityvulns:doc:31512", "https://vulners.com/securityvulns/securityvulns:doc:31523", "https://vulners.com/securityvulns/securityvulns:doc:31535", "https://vulners.com/securityvulns/securityvulns:doc:31544", "https://vulners.com/securityvulns/securityvulns:doc:31506", "https://vulners.com/securityvulns/securityvulns:doc:31543", "https://vulners.com/securityvulns/securityvulns:doc:31507", "https://vulners.com/securityvulns/securityvulns:doc:31534", "https://vulners.com/securityvulns/securityvulns:doc:31513", "https://vulners.com/securityvulns/securityvulns:doc:31519"], "cvelist": ["CVE-2014-8340", "CVE-2014-2025", "CVE-2014-9218", "CVE-2014-9325", "CVE-2014-9215", "CVE-2014-9219", "CVE-2014-9129", "CVE-2014-9367", "CVE-2014-8793", "CVE-2014-9277", "CVE-2014-8724", "CVE-2014-8875", "CVE-2014-2026"], "type": "securityvulns", "lastseen": "2021-06-08T18:49:55", "history": [{"bulletin": {"affectedSoftware": [{"name": "Papoo Light", "operator": "eq", "version": "6.0"}, {"name": "Jease CMS", "operator": "eq", "version": "2.11"}, {"name": "Elefant CMS", "operator": "eq", "version": "1.3"}, {"name": "iTwitter", "operator": "eq", "version": "0.04"}, {"name": "Morfy CMS", "operator": "eq", "version": "1.05"}, {"name": "Bird Feeder", "operator": "eq", "version": "1.2"}, {"name": "phpmyadmin", "operator": "eq", "version": "4.2"}, {"name": "cm-download-manager", "operator": "eq", "version": "2.0"}, {"name": "ResourceSpace", "operator": "eq", "version": "6.4"}, {"name": "Concrete5 CMS", "operator": "eq", "version": "5.7"}, {"name": "mediawiki", "operator": "eq", "version": "1.19"}, {"name": "phpTrafficA", "operator": "eq", "version": "2.3"}, {"name": "PBBoard", "operator": "eq", "version": "3.0"}, {"name": "Twiki", "operator": "eq", "version": "6.0"}, {"name": "Konakart", "operator": "eq", "version": "7.3"}, {"name": "Fuzzylime", "operator": "eq", "version": "3.03"}, {"name": "W3 Total Cache", "operator": "eq", "version": "0.9"}], "bulletinFamily": "software", "cvelist": ["CVE-2014-8340", "CVE-2014-2025", "CVE-2014-9218", "CVE-2014-9325", "CVE-2014-9215", "CVE-2014-9219", "CVE-2014-9129", "CVE-2014-9367", "CVE-2014-8793", "CVE-2014-9277", "CVE-2014-8724", "CVE-2014-8875", "CVE-2014-2026"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 1, "enchantments": {"dependencies": {"modified": "2018-08-31T11:09:58", "references": [{"idList": ["EDB-ID:35473", "EDB-ID:35539"], "type": "exploitdb"}, {"idList": ["FEDORA:6DCD760C8132", "FEDORA:E783E6087C2A", "FEDORA:A968460CE2F8"], "type": "fedora"}, {"idList": ["CVE-2014-9218", "CVE-2014-9325", "CVE-2014-9215", "CVE-2014-9219", "CVE-2014-9129", "CVE-2014-9367", "CVE-2014-8793", "CVE-2014-9277", "CVE-2014-8724", "CVE-2014-8875"], "type": "cve"}, {"idList": ["1337DAY-ID-23000", "1337DAY-ID-23007", "1337DAY-ID-22973"], "type": "zdt"}, {"idList": ["WPVDB-ID:8165A99F-C5AB-43A8-8788-FA9AA22C62AA", "WPVDB-ID:3EEA73AF-E0A1-493C-A268-0CF340CB39A4"], "type": "wpvulndb"}, {"idList": ["C9C46FBF-7B83-11E4-A96E-6805CA0B3D42"], "type": "freebsd"}, {"idList": ["EXPLOITPACK:82B1C883B7ABCF6B637A4BE0B897B010", "EXPLOITPACK:F3BC2AAF495FCA5024817AE3782866F8"], "type": "exploitpack"}, {"idList": ["E-463"], "type": "dsquare"}, {"idList": ["OPENVAS:1361412562310805306", "OPENVAS:1361412562310805233", "OPENVAS:1361412562310805415", "OPENVAS:1361412562310868603", "OPENVAS:1361412562310868688", "OPENVAS:1361412562310805205", "OPENVAS:1361412562310703100", "OPENVAS:703100", "OPENVAS:1361412562310868571", "OPENVAS:1361412562310805307"], "type": "openvas"}, {"idList": ["PHPMYADMIN:PMASA-2014-17", "PHPMYADMIN:PMASA-2014-18"], "type": "phpmyadmin"}, {"idList": ["PACKETSTORM:129357", "PACKETSTORM:129655", "PACKETSTORM:129445", "PACKETSTORM:129392", "PACKETSTORM:129621", "PACKETSTORM:129626", "PACKETSTORM:129622", "PACKETSTORM:129654"], "type": "packetstorm"}, {"idList": ["DEBIAN:DSA-3100-1:9334E", "DEBIAN:DLA-336-1:24EC3", "DEBIAN:DSA-3382-1:A1C93"], "type": "debian"}, {"idList": ["MEDIAWIKI_1_23_7.NASL", "WORDPRESS_W3_TOTAL_CACHE_DEBUG_XSS.NASL", "FEDORA_2014-16327.NASL", "OPENSUSE-2014-776.NASL", "FEDORA_2014-16474.NASL", "DEBIAN_DSA-3100.NASL", "FREEBSD_PKG_C9C46FBF7B8311E4A96E6805CA0B3D42.NASL", "FEDORA_2014-16358.NASL", "PHPMYADMIN_PMASA_2014_18.NASL", "MANDRIVA_MDVSA-2014-243.NASL"], "type": "nessus"}, {"idList": ["TYPO3-EXT-SA-2014-018"], "type": "typo3"}, {"idList": ["MSF:ILITIES/DEBIAN-DSA-3100/"], "type": "metasploit"}, {"idList": ["GLSA-201502-04"], "type": "gentoo"}, {"idList": ["SECURITYVULNS:DOC:31518", "SECURITYVULNS:DOC:31522", "SECURITYVULNS:DOC:31513", "SECURITYVULNS:DOC:31531", "SECURITYVULNS:DOC:31517", "SECURITYVULNS:DOC:31535", "SECURITYVULNS:DOC:31542", "SECURITYVULNS:DOC:31526", "SECURITYVULNS:DOC:31521", "SECURITYVULNS:DOC:31515", "SECURITYVULNS:DOC:31506", "SECURITYVULNS:DOC:31514", "SECURITYVULNS:DOC:31544", "SECURITYVULNS:DOC:31541", "SECURITYVULNS:DOC:31512", "SECURITYVULNS:DOC:31516", "SECURITYVULNS:DOC:31547", "SECURITYVULNS:DOC:31546", "SECURITYVULNS:DOC:31543", "SECURITYVULNS:DOC:31519", "SECURITYVULNS:DOC:31523", "SECURITYVULNS:DOC:31545", "SECURITYVULNS:DOC:31507", "SECURITYVULNS:DOC:31534", "SECURITYVULNS:DOC:31538"], "type": "securityvulns"}, {"idList": ["HTB23242"], "type": "htbridge"}], "rev": 2}, "score": {"modified": "2018-08-31T11:09:58", "rev": 2, "value": 4.7, "vector": "NONE"}}, "hash": "e997fa5d05ec233525a29b30fd6d07f61d87e082dfd95aad4606d8ca11ebac6a", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "immutableFields"}, {"hash": "ddb68196ac322ad1803e6954e5007feb", "key": "published"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "c61e5d59aa5c4e535b518cca44e00a6f", "key": "description"}, {"hash": "f9fa10ba956cacf91d7878861139efb9", "key": "bulletinFamily"}, {"hash": "5404244695cced541256a675a9eb9470", "key": "references"}, {"hash": "7215ee9c7d9dc229d2921a40e899ec5f", "key": "reporter"}, {"hash": "9fbae74cadf62f3028fbbdea36c132fd", "key": "href"}, {"hash": "8e2c036d762e2ef82288b8bfaa34a17d", "key": "affectedSoftware"}, {"hash": "ddb68196ac322ad1803e6954e5007feb", "key": "modified"}, {"hash": "624bd3f435c6588e70f242905f93a71b", "key": "cvelist"}, {"hash": "9caff91e9ebcf551c6d0d9d96b286138", "key": "title"}, {"hash": "d54751dd75af2ea0147b462b3e001cd0", "key": "type"}], "history": [], "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14155", "id": "SECURITYVULNS:VULN:14155", "immutableFields": [], "lastseen": "2018-08-31T11:09:58", "modified": "2014-12-22T00:00:00", "objectVersion": "1.5", "published": "2014-12-22T00:00:00", "references": ["https://vulners.com/securityvulns/securityvulns:doc:31538", "https://vulners.com/securityvulns/securityvulns:doc:31514", "https://vulners.com/securityvulns/securityvulns:doc:31516", "https://vulners.com/securityvulns/securityvulns:doc:31531", "https://vulners.com/securityvulns/securityvulns:doc:31545", "https://vulners.com/securityvulns/securityvulns:doc:31546", "https://vulners.com/securityvulns/securityvulns:doc:31547", "https://vulners.com/securityvulns/securityvulns:doc:31515", "https://vulners.com/securityvulns/securityvulns:doc:31521", "https://vulners.com/securityvulns/securityvulns:doc:31517", "https://vulners.com/securityvulns/securityvulns:doc:31518", "https://vulners.com/securityvulns/securityvulns:doc:31526", "https://vulners.com/securityvulns/securityvulns:doc:31542", "https://vulners.com/securityvulns/securityvulns:doc:31541", "https://vulners.com/securityvulns/securityvulns:doc:31522", "https://vulners.com/securityvulns/securityvulns:doc:31512", "https://vulners.com/securityvulns/securityvulns:doc:31523", "https://vulners.com/securityvulns/securityvulns:doc:31535", "https://vulners.com/securityvulns/securityvulns:doc:31544", "https://vulners.com/securityvulns/securityvulns:doc:31506", "https://vulners.com/securityvulns/securityvulns:doc:31543", "https://vulners.com/securityvulns/securityvulns:doc:31507", "https://vulners.com/securityvulns/securityvulns:doc:31534", "https://vulners.com/securityvulns/securityvulns:doc:31513", "https://vulners.com/securityvulns/securityvulns:doc:31519"], "reporter": " ", "title": "Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "viewCount": 62}, "different_elements": ["affectedSoftware"], "edition": 1, "lastseen": "2018-08-31T11:09:58"}], "edition": 2, "hashmap": [{"key": "affectedSoftware", "hash": "27932100557512c03ebf8cfed6a651b8"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "624bd3f435c6588e70f242905f93a71b"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "c61e5d59aa5c4e535b518cca44e00a6f"}, {"key": "href", "hash": "9fbae74cadf62f3028fbbdea36c132fd"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "modified", "hash": "ddb68196ac322ad1803e6954e5007feb"}, {"key": "published", "hash": "ddb68196ac322ad1803e6954e5007feb"}, {"key": "references", "hash": "5404244695cced541256a675a9eb9470"}, {"key": "reporter", "hash": "7215ee9c7d9dc229d2921a40e899ec5f"}, {"key": "title", "hash": "9caff91e9ebcf551c6d0d9d96b286138"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "34794a879e5c88daf138477da01942a90791df6b413580f41e8b61b1c5f13d0e", "viewCount": 68, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-9215", "CVE-2014-9219", "CVE-2014-9218", "CVE-2014-9367", "CVE-2014-9325", "CVE-2014-8793", "CVE-2014-9129", "CVE-2014-8724", "CVE-2014-9277", "CVE-2014-8875"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2014-9219", "UB:CVE-2014-9277", "UB:CVE-2014-9218"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:31547", "SECURITYVULNS:DOC:31512", "SECURITYVULNS:DOC:31542", "SECURITYVULNS:DOC:31544", "SECURITYVULNS:DOC:31517", "SECURITYVULNS:DOC:31535", "SECURITYVULNS:DOC:31513", "SECURITYVULNS:DOC:31507", "SECURITYVULNS:DOC:31543", "SECURITYVULNS:DOC:31506", "SECURITYVULNS:DOC:31523", "SECURITYVULNS:DOC:31534", "SECURITYVULNS:DOC:31519", "SECURITYVULNS:DOC:31516", "SECURITYVULNS:DOC:31531", "SECURITYVULNS:DOC:31521", "SECURITYVULNS:DOC:31515", "SECURITYVULNS:DOC:31518", "SECURITYVULNS:DOC:31541", "SECURITYVULNS:DOC:31526", "SECURITYVULNS:DOC:31522", "SECURITYVULNS:DOC:31545", "SECURITYVULNS:DOC:31514", "SECURITYVULNS:DOC:31546", "SECURITYVULNS:DOC:31538"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310805117", "OPENVAS:1361412562310805233", "OPENVAS:1361412562310868688", "OPENVAS:1361412562310805415", "OPENVAS:1361412562310703100", "OPENVAS:703100", "OPENVAS:1361412562310805205", "OPENVAS:1361412562310805234", "OPENVAS:1361412562310868603", "OPENVAS:1361412562310868571"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:129357", "PACKETSTORM:129622", "PACKETSTORM:129392", "PACKETSTORM:129621", "PACKETSTORM:129655", "PACKETSTORM:129445", "PACKETSTORM:129654", "PACKETSTORM:129626"]}, {"type": "nessus", "idList": ["FEDORA_2014-16474.NASL", "8607.PRM", "WORDPRESS_W3_TOTAL_CACHE_DEBUG_XSS.NASL", "MANDRIVA_MDVSA-2014-243.NASL", "OPENSUSE-2014-776.NASL", "DEBIAN_DSA-3100.NASL", "PHPMYADMIN_PMASA_2014_18.NASL", "FREEBSD_PKG_C9C46FBF7B8311E4A96E6805CA0B3D42.NASL", "FEDORA_2014-16327.NASL", "FEDORA_2014-16358.NASL"]}, {"type": "fedora", "idList": ["FEDORA:A968460CE2F8", "FEDORA:E783E6087C2A", "FEDORA:6DCD760C8132"]}, {"type": "freebsd", "idList": ["C9C46FBF-7B83-11E4-A96E-6805CA0B3D42"]}, {"type": "wpvulndb", "idList": ["WPVDB-ID:8165A99F-C5AB-43A8-8788-FA9AA22C62AA", "WPVDB-ID:3EEA73AF-E0A1-493C-A268-0CF340CB39A4"]}, {"type": "debian", "idList": ["DEBIAN:DSA-3382-1:A1C93", "DEBIAN:DSA-3100-1:9334E", "DEBIAN:DLA-336-1:24EC3"]}, {"type": "metasploit", "idList": ["MSF:ILITIES/DEBIAN-DSA-3100/"]}, {"type": "exploitdb", "idList": ["EDB-ID:35539", "EDB-ID:35473"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:82B1C883B7ABCF6B637A4BE0B897B010", "EXPLOITPACK:F3BC2AAF495FCA5024817AE3782866F8"]}, {"type": "dsquare", "idList": ["E-463"]}, {"type": "zdt", "idList": ["1337DAY-ID-22973", "1337DAY-ID-23000", "1337DAY-ID-23007"]}, {"type": "phpmyadmin", "idList": ["PHPMYADMIN:PMASA-2014-17", "PHPMYADMIN:PMASA-2014-18"]}, {"type": "htbridge", "idList": ["HTB23242"]}, {"type": "typo3", "idList": ["TYPO3-EXT-SA-2014-018"]}, {"type": "gentoo", "idList": ["GLSA-201502-04"]}], "modified": "2021-06-08T18:49:55", "rev": 2}, "score": {"value": 4.7, "vector": "NONE", "modified": "2021-06-08T18:49:55", "rev": 2}}, "objectVersion": "1.5", "affectedSoftware": [{"name": "phptraffica", "operator": "eq", "version": "2.3"}, {"name": "papoo light", "operator": "eq", "version": "6.0"}, {"name": "concrete5 cms", "operator": "eq", "version": "5.7"}, {"name": "w3 total cache", "operator": "eq", "version": "0.9"}, {"name": "resourcespace", "operator": "eq", "version": "6.4"}, {"name": "twiki", "operator": "eq", "version": "6.0"}, {"name": "fuzzylime", "operator": "eq", "version": "3.03"}, {"name": "bird feeder", "operator": "eq", "version": "1.2"}, {"name": "konakart", "operator": "eq", "version": "7.3"}, {"name": "phpmyadmin", "operator": "eq", "version": "4.2"}, {"name": "cm-download-manager", "operator": "eq", "version": "2.0"}, {"name": "pbboard", "operator": "eq", "version": "3.0"}, {"name": "elefant cms", "operator": "eq", "version": "1.3"}, {"name": "itwitter", "operator": "eq", "version": "0.04"}, {"name": "mediawiki", "operator": "eq", "version": "1.19"}, {"name": "jease cms", "operator": "eq", "version": "2.11"}, {"name": "morfy cms", "operator": "eq", "version": "1.05"}], "immutableFields": [], "scheme": null, "cvss2": {}, "cvss3": {}}]}
