CVE-2014-5138

EUVD-2014-5036
Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter validation via unspecified vectors, possibly related to the Webpac Pro submodule.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
iiisierra
1.2_3:_3
𝑥
= Vulnerable software versions
References
https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html
https://packetstormsecurity.com/files/128053/Sierra-Library-Services-Platform-1.2_3-XSS-Enumeration.html