Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2260

Overview

Vulnerability Score 3.5 3.5
CVE Id CVE-2014-2260
Last Modified 01 May 2014 11:42:19
Published 30 Apr 2014 07:58:26
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2014-2260

Summary

Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.

Vulnerable Systems

Application

  • Ajenti 1.2.13


References

CONFIRM - https://github.com/Eugeny/ajenti/issues/233

MISC - https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310

BID - 64982

OSVDB - 102174

MISC - http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:05:09