Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2236

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2236
Last Modified 30 Jul 2015 10:57:22
Published 05 Mar 2014 11:37:40
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2236

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.

Vulnerable Systems

Application

  • Askbot 0.7.40

  • Askbot 0.7.41

  • Askbot 0.7.42

  • Askbot 0.7.43

  • Askbot 0.7.44

  • Askbot 0.7.45

  • Askbot 0.7.46

  • Askbot 0.7.47

  • Askbot 0.7.48


References

CONFIRM - https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29

CONFIRM - https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1070852

MLIST - [oss-security] 20140228 Re: CVE request: askbot xss

SECUNIA - 57163

BID - 65885


Last Updated: 27 May 2016 11:04:34