Lucene search

MitreCVE-2014-9522

HistoryJan 05, 2015 - 8:59 p.m.

CVE-2014-9522

2015-01-0520:59:18

CWE-79

mitre

web.nvd.nist.gov

cve-2014-9522

xss

cms

papoo light

web script

html

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.8%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.

Affected configurations

Nvd

Node

papoocms_papoo_lightMatch6.0.0

VendorProductVersionCPE
papoocms_papoo_light6.0.0cpe:2.3:a:papoo:cms_papoo_light:6.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
papoo	cms_papoo_light	6.0.0	cpe:2.3:a:papoo:cms_papoo_light:6.0.0:::::::*

References

osvdb.org/show/osvdb/115944

packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html

sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html

www.exploit-db.com/exploits/35551

www.securityfocus.com/archive/1/534243/100/0/threaded

www.securityfocus.com/bid/71676

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.007

Percentile

80.8%

JSON

Related for CVE-2014-9522