Lucene search

[email protected]NVD:CVE-2014-4166

HistoryJun 16, 2014 - 6:55 p.m.

CVE-2014-4166

2014-06-1618:55:10

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

60.4%

JSON

Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.

Affected configurations

Nvd

Node

shoutcastdnasMatch2.2.1

VendorProductVersionCPE
shoutcastdnas2.2.1cpe:2.3:a:shoutcast:dnas:2.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shoutcast	dnas	2.2.1	cpe:2.3:a:shoutcast:dnas:2.2.1:::::::*

References

osvdb.org/show/osvdb/108052

packetstormsecurity.com/files/127074/SHOUTcast-DNAS-2.2.1-Cross-Site-Scripting.html

www.exploit-db.com/exploits/33714

www.securityfocus.com/bid/68019

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

60.4%

JSON

Related for NVD:CVE-2014-4166

prion1 exploitdb1 cvelist1 cve1