Lucene search

MitreCVE-2014-4694

HistoryJul 02, 2014 - 10:35 a.m.

CVE-2014-4694

2014-07-0210:35:26

CWE-79

mitre

web.nvd.nist.gov

cve-2014-4694

cross-site scripting

xss vulnerabilities

suricata

pfsense

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in suricata_select_alias.php in the Suricata package before 1.0.6 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via unspecified variables.

Affected configurations

Nvd

Node

netgatepfsenseRange≤2.1.4

netgatepfsenseMatch2.1.3

pfsensesuricata_packageRange≤1.0.5

VendorProductVersionCPE
netgatepfsense*cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*
netgatepfsense2.1.3cpe:2.3:a:netgate:pfsense:2.1.3:*:*:*:*:*:*:*
pfsensesuricata_package*cpe:2.3:a:pfsense:suricata_package:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netgate	pfsense	*	cpe:2.3:a:netgate:pfsense::::::::
netgate	pfsense	2.1.3	cpe:2.3:a:netgate:pfsense:2.1.3:::::::*
pfsense	suricata_package	*	cpe:2.3:a:pfsense:suricata_package::::::::

References

pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.002

Percentile

53.4%

JSON

Related for CVE-2014-4694