CVE-2014-2026

Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 52%
VendorProductVersion
unitedplanetintrexx
𝑥
≤ 5.2
unitedplanetintrexx
6.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html
http://www.christian-schneider.net/advisories/CVE-2014-2026.txt
http://www.securityfocus.com/archive/1/534230/100/0/threaded
http://www.securityfocus.com/bid/71673
https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32
http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html
http://www.christian-schneider.net/advisories/CVE-2014-2026.txt
http://www.securityfocus.com/archive/1/534230/100/0/threaded
http://www.securityfocus.com/bid/71673
https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32