Lucene search
MitreCVE-2014-7987HistoryOct 31, 2014 - 2:55 p.m.
CVE-2014-7987
2014-10-3114:55:06
CWE-79
mitre
web.nvd.nist.gov
31
cve-2014-7987
cross-site scripting
xss vulnerability
espocrm
web script injection
html injection
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.003
Percentile
69.4%
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
Affected configurations
Node
espocrmespocrmRange≤2.5.2
Related
prion
prion
Cross site scripting
2014-10-31 14:55:00
cvelist
cvelist
CVE-2014-7987
2014-10-31 14:00:00
nvd
nvd
CVE-2014-7987
2014-10-31 14:55:06
htbridge
htbridge
Multiple vulnerabilities in EspoCRM
2014-10-08 00:00:00
packetstorm
packetstorm
EspoCRM 2.5.2 XSS / LFI / Access Control
2014-10-29 00:00:00
openvas
openvas
EspoCRM '/install/index.php' Multiple Vulnerabilities
2014-10-30 00:00:00
zdt
zdt
EspoCRM 2.5.2 XSS / LFI / Access Control Vulnerabilities
2014-10-30 00:00:00
securityvulns
securityvulns
Multiple vulnerabilities in EspoCRM
2014-11-03 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.7
Confidence
High
EPSS
0.003
Percentile
69.4%
Related for CVE-2014-7987