Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2280

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2280
Last Modified 24 Mar 2014 07:03:18
Published 20 Mar 2014 12:55:17
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2280

Summary

Cross-site scripting (XSS) vulnerability in the search feature in SeedDMS (formerly LetoDMS and MyDMS) before 4.3.4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

Vulnerable Systems

Application

  • Seeddms 3.3.12

  • Seeddms 3.4.3

  • Seeddms 4.2.2


References

XF - seeddms-cve20142280-xss(91830)

CONFIRM - http://sourceforge.net/p/seeddms/code/ci/master/tree/CHANGELOG

SECUNIA - 57475

MISC - http://packetstormsecurity.com/files/125726

BUGTRAQ - 20140314 Multiple Vulnerabilities in SeedDMS < = 4.3.3


Last Updated: 27 May 2016 11:04:45