Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-2025

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-2025
Last Modified 25 Apr 2014 02:01:53
Published 25 Apr 2014 01:12:02
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-2025

Summary

Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Ushahidi Platform 2.5

  • Ushahidi Platform 2.6

  • Ushahidi Platform 2.6.1


References

CONFIRM - https://wiki.ushahidi.com/display/WIKI/1+May+2013+-+CVE-2013-2025

MISC - https://github.com/rjmackay/Ushahidi_Web/commit/593719ff805a302e3ab2f2e535c875f90a04ea56

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/pull/1056

CONFIRM - https://github.com/ushahidi/Ushahidi_Web/issues/1009

BID - 59410


Last Updated: 27 May 2016 11:05:05