Lucene search

[email protected]CVE-2014-3247

HistoryMay 15, 2014 - 2:55 p.m.

CVE-2014-3247

2014-05-1514:55:07

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-3247

cross-site scripting

xss vulnerability

collabtive 1.2

add project

admin.php

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.

Affected configurations

NVD

Node

o-dyncollabtiveMatch1.2

CPENameOperatorVersion
o-dyn:collabtiveo-dyn collabtiveeq1.2

CPE	Name	Operator	Version
o-dyn:collabtive	o-dyn collabtive	eq	1.2

References

www.exploit-db.com/exploits/33250

www.securityfocus.com/bid/67343

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.3 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for CVE-2014-3247

seebug1 ubuntucve1 cvelist1 prion1 nvd1 zdt1 exploitpack1 exploitdb1