Lucene search
HistoryOct 10, 2014 - 1:55 a.m.
CVE-2014-6439
cve-2014-6439
cross-site scripting
xss
cors
elasticsearch
security vulnerability
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.3%
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
Node
elasticsearchelasticsearchRange≤1.3.3
| CPE | Name | Operator | Version |
|---|---|---|---|
| elasticsearch:elasticsearch | elasticsearch | le | 1.3.3 |
Related
openvas
openvas
Elasticsearch Cross-site Scripting (XSS) Vulnerability - Windows
2016-06-23 00:00:00
Elasticsearch Cross-site Scripting (XSS) Vulnerability - Linux
2016-06-28 00:00:00
securityvulns
securityvulns
Elasticsearch vulnerability CVE-2014-6439
2014-10-05 00:00:00
elasticsearch weak CORS policy
2014-10-05 00:00:00
github
github
Cross-site scripting in Elasticsearch
2022-05-14 02:51:14
nessus
nessus
osv
osv
Cross-site scripting in Elasticsearch
2022-05-14 02:51:14
prion
prion
Cross site scripting
2014-10-10 01:55:00
cvelist
cvelist
CVE-2014-6439
2014-10-10 01:00:00
freebsd
freebsd
nvd
nvd
CVE-2014-6439
2014-10-10 01:55:11
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.6 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.3%
Related for CVE-2014-6439