Lucene search

[email protected]NVD:CVE-2014-10014

HistoryJan 13, 2015 - 11:59 a.m.

CVE-2014-10014

2015-01-1311:59:22

CWE-352

[email protected]

web.nvd.nist.gov

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Event Booking Calendar 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) change the username and password of the administrator via an update action to the AdminOptions controller or conduct cross-site scripting (XSS) attacks via the (2) event_title parameter in a create action to the AdminEvents controller or (3) category_title parameter in a create action to the AdminCategories controller.

Affected configurations

Nvd

Node

phpjabbersevent_booking_calendarMatch2.0

VendorProductVersionCPE
phpjabbersevent_booking_calendar2.0cpe:2.3:a:phpjabbers:event_booking_calendar:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
phpjabbers	event_booking_calendar	2.0	cpe:2.3:a:phpjabbers:event_booking_calendar:2.0:::::::*

References

packetstormsecurity.com/files/124753/eventbookingcalendar-xssxsrfsql.txt

secunia.com/advisories/56373

exchange.xforce.ibmcloud.com/vulnerabilities/90413

exchange.xforce.ibmcloud.com/vulnerabilities/90414

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

6.8

Confidence

High

EPSS

0.004

Percentile

74.3%

JSON

Related for NVD:CVE-2014-10014

cve1 cvelist1 prion1 exploitdb1