Lucene search

MitreCVE-2014-5110

HistoryJul 28, 2014 - 3:55 p.m.

CVE-2014-5110

2014-07-2815:55:04

CWE-79

mitre

web.nvd.nist.gov

cve

2014

5110

cross-site scripting

xss

vulnerability

fonality trixbox

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

50.8%

JSON

Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.

Affected configurations

Nvd

Node

netfortristrixboxMatch-

VendorProductVersionCPE
netfortristrixbox-cpe:2.3:a:netfortris:trixbox:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
netfortris	trixbox	-	cpe:2.3:a:netfortris:trixbox:-:::::::*

References

packetstormsecurity.com/files/127522/Trixbox-XSS-LFI-SQL-Injection-Code-Execution.html

exchange.xforce.ibmcloud.com/vulnerabilities/94719

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

50.8%

JSON

Related for CVE-2014-5110