Lucene search

[email protected]CVE-2014-5343

HistoryAug 19, 2014 - 6:55 p.m.

CVE-2014-5343

2014-08-1918:55:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2014-5343

cross-site scripting

xss

vulnerability

feng office

remote attackers

web script

html

name field

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Cross-site scripting (XSS) vulnerability in Feng Office allows remote attackers to inject arbitrary web script or HTML via a client Name field.

Affected configurations

NVD

Node

fengofficefeng_officeMatch1.6.2

fengofficefeng_officeMatch1.7

fengofficefeng_officeMatch1.7beta

fengofficefeng_officeMatch1.7beta2

fengofficefeng_officeMatch1.7rc

fengofficefeng_officeMatch1.7rc2

fengofficefeng_officeMatch1.7rc3

fengofficefeng_officeMatch1.7.1

fengofficefeng_officeMatch1.7.2

fengofficefeng_officeMatch1.7.3.1

fengofficefeng_officeMatch1.7.4

fengofficefeng_officeMatch1.7.5

fengofficefeng_officeMatch1.7.5beta

fengofficefeng_officeMatch1.7.5rc2

fengofficefeng_officeMatch1.7.5rc3

fengofficefeng_officeMatch2.0.0

fengofficefeng_officeMatch2.0.0beta1

fengofficefeng_officeMatch2.0.0beta2

fengofficefeng_officeMatch2.0.0beta3

fengofficefeng_officeMatch2.0.0beta4

fengofficefeng_officeMatch2.0.0rc

fengofficefeng_officeMatch2.1.0

fengofficefeng_officeMatch2.1.0beta

fengofficefeng_officeMatch2.1.0rc

fengofficefeng_officeMatch2.1.0rc2

fengofficefeng_officeMatch2.2.0

fengofficefeng_officeMatch2.2.0beta

fengofficefeng_officeMatch2.2.0rc

fengofficefeng_officeMatch2.2.1

fengofficefeng_officeMatch2.2.1rc

fengofficefeng_officeMatch2.2.2

fengofficefeng_officeMatch2.2.3.1

fengofficefeng_officeMatch2.2.3.1beta

fengofficefeng_officeMatch2.2.4

fengofficefeng_officeMatch2.2.4beta

fengofficefeng_officeMatch2.2.4.1

fengofficefeng_officeMatch2.3

fengofficefeng_officeMatch2.3beta

fengofficefeng_officeMatch2.3rc

fengofficefeng_officeMatch2.3rc2

fengofficefeng_officeMatch2.3.1

fengofficefeng_officeMatch2.3.1beta

fengofficefeng_officeMatch2.3.1rc

fengofficefeng_officeMatch2.3.1.1

fengofficefeng_officeMatch2.3.2

fengofficefeng_officeMatch2.3.2beta

fengofficefeng_officeMatch2.3.2rc

fengofficefeng_officeMatch2.3.2rc2

fengofficefeng_officeMatch2.3.2.1

CPENameOperatorVersion
fengoffice:feng_officefengoffice feng officeeq1.6.2
fengoffice:feng_officefengoffice feng officeeq1.7
fengoffice:feng_officefengoffice feng officeeq1.7.1
fengoffice:feng_officefengoffice feng officeeq1.7.2
fengoffice:feng_officefengoffice feng officeeq1.7.3.1
fengoffice:feng_officefengoffice feng officeeq1.7.4
fengoffice:feng_officefengoffice feng officeeq1.7.5
fengoffice:feng_officefengoffice feng officeeq2.0.0
fengoffice:feng_officefengoffice feng officeeq2.1.0
fengoffice:feng_officefengoffice feng officeeq2.2.0

CPE	Name	Operator	Version
fengoffice:feng_office	fengoffice feng office	eq	1.6.2
fengoffice:feng_office	fengoffice feng office	eq	1.7
fengoffice:feng_office	fengoffice feng office	eq	1.7.1
fengoffice:feng_office	fengoffice feng office	eq	1.7.2
fengoffice:feng_office	fengoffice feng office	eq	1.7.3.1
fengoffice:feng_office	fengoffice feng office	eq	1.7.4
fengoffice:feng_office	fengoffice feng office	eq	1.7.5
fengoffice:feng_office	fengoffice feng office	eq	2.0.0
fengoffice:feng_office	fengoffice feng office	eq	2.1.0
fengoffice:feng_office	fengoffice feng office	eq	2.2.0

Rows per page:

1-10 of 201

References

packetstormsecurity.com/files/127777/Feng-Office-Cross-Site-Scripting.html

www.securityfocus.com/bid/69080

exchange.xforce.ibmcloud.com/vulnerabilities/95173

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.8 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Related for CVE-2014-5343

cvelist1 prion1 nvd1