CVE-2014-1403 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 61%

Vendor	Product	Version
easyxdm	easyxdm	𝑥 ≤ 2.4.18
easyxdm	easyxdm	2.3.2
easyxdm	easyxdm	2.3.3
easyxdm	easyxdm	2.4.0
easyxdm	easyxdm	2.4.1
easyxdm	easyxdm	2.4.2
easyxdm	easyxdm	2.4.3
easyxdm	easyxdm	2.4.4
easyxdm	easyxdm	2.4.5
easyxdm	easyxdm	2.4.6

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References

http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html

http://osvdb.org/102803

http://seclists.org/fulldisclosure/2014/Feb/5

http://secunia.com/advisories/56634

http://www.securityfocus.com/bid/65291

https://exchange.xforce.ibmcloud.com/vulnerabilities/90876

https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db

https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19

http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html

http://osvdb.org/102803

http://seclists.org/fulldisclosure/2014/Feb/5

http://secunia.com/advisories/56634

http://www.securityfocus.com/bid/65291

https://exchange.xforce.ibmcloud.com/vulnerabilities/90876

https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db

https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19