[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248678

 
 

909

 
 

195426

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-1403Date: (C)2014-02-05   (M)2023-12-22


Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
OSVDB-102803
http://seclists.org/fulldisclosure/2014/Feb/5
SECUNIA-56634
BID-65291
easyxdm-cve20141403-xss(90876)
http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html
https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db
https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19

CPE    9
cpe:/a:easyxdm:easyxdm:2.3.3
cpe:/a:easyxdm:easyxdm:2.4.2
cpe:/a:easyxdm:easyxdm:2.4.3
cpe:/a:easyxdm:easyxdm:2.4.4
...
CWE    1
CWE-79

© SecPod Technologies