Lucene search

MitreCVE-2014-5276

HistoryOct 20, 2014 - 4:55 p.m.

CVE-2014-5276

2014-10-2016:55:09

CWE-79

mitre

web.nvd.nist.gov

cve-2014-5276

cross-site scripting

xss

pro chat rooms

text chat rooms

nvd

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.004

Percentile

72.3%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.

Affected configurations

Nvd

Node

pro_chat_roomstext_chat_roomsMatch8.2.0

VendorProductVersionCPE
pro_chat_roomstext_chat_rooms8.2.0cpe:2.3:a:pro_chat_rooms:text_chat_rooms:8.2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pro_chat_rooms	text_chat_rooms	8.2.0	cpe:2.3:a:pro_chat_rooms:text_chat_rooms:8.2.0:::::::*

References

archives.neohapsis.com/archives/bugtraq/2014-08/0026.html

packetstormsecurity.com/files/127775/Pro-Chat-Rooms-8.2.0-XSS-Shell-Upload-SQL-Injection.html

www.exploit-db.com/exploits/34275

exchange.xforce.ibmcloud.com/vulnerabilities/95125

exchange.xforce.ibmcloud.com/vulnerabilities/95126

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.004

Percentile

72.3%

JSON

Related for CVE-2014-5276