Lucene search
MitreCVE-2014-5257HistoryNov 06, 2014 - 3:55 p.m.
CVE-2014-5257
2014-11-0615:55:08
CWE-79
mitre
web.nvd.nist.gov
23
xss
vulnerabilities
forma lms
remote attackers
web script
html
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.003
Percentile
65.5%
Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request or (2) id_game parameter in an alms/games/edit request to appCore/index.php.
Affected configurations
Node
formalmsformalmsRange≤1.2.1
Related
packetstorm
packetstorm
Forma Lms 1.2.1 Cross Site Scripting
2014-11-05 00:00:00
cvelist
cvelist
CVE-2014-5257
2014-11-06 15:00:00
securityvulns
securityvulns
htbridge
htbridge
Two Reflected Cross-Site Scripting (XSS) Vulnerabilities in Forma Lms
2014-08-06 00:00:00
prion
prion
Cross site scripting
2014-11-06 15:55:00
nvd
nvd
CVE-2014-5257
2014-11-06 15:55:08
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.8
Confidence
High
EPSS
0.003
Percentile
65.5%
Related for CVE-2014-5257