Lucene search
HistoryJan 08, 2015 - 7:59 p.m.
CVE-2014-9580
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.6
Confidence
High
EPSS
0.003
Percentile
66.1%
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.
Affected configurations
Node
projectsendprojectsendMatch561
| Vendor | Product | Version | CPE |
|---|---|---|---|
| projectsend | projectsend | 561 | cpe:2.3:a:projectsend:projectsend:561:*:*:*:*:*:*:* |
Related
prion
prion
Design/Logic Flaw
2015-01-10 00:59:00
Cross site scripting
2015-01-08 19:59:00
cve
cve
CVE-2014-9580
2015-01-08 19:59:00
CVE-2014-1155
2015-01-10 00:59:00
cvelist
cvelist
CVE-2014-9580
2015-01-08 19:00:00
CVE-2014-1155
2015-01-10 00:00:00
nvd
nvd
CVE-2014-1155
2015-01-10 00:59:00
exploitdb
exploitdb
ProjectSend r561 - Multiple Vulnerabilities
2014-12-19 00:00:00
packetstorm
packetstorm
ProjectSend r561 Ultimate Cross Site Scripting / Path Disclosure
2014-12-20 00:00:00
zdt
zdt
ProjectSend - Cross Site Scripting Vulnerability
2014-12-20 00:00:00
exploitpack
exploitpack
ProjectSend r561 - Multiple Vulnerabilities
2014-12-19 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.6
Confidence
High
EPSS
0.003
Percentile
66.1%
Related for NVD:CVE-2014-9580