Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-100010

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-100010
Last Modified 13 Jan 2015 06:04:37
Published 13 Jan 2015 06:59:10
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-100010

Summary

Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.

Vulnerable Systems

Application

  • Csphere Clansphere 2011.4


References

MISC - https://www.httpcs.com/advisory/httpcs127

BID - 66058

BUGTRAQ - 20140307 [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability

SECUNIA - 57306

FULLDISC - 20140310 [HTTPCS] ClanSphere 'where' Cross Site Scripting Vulnerability


Last Updated: 27 May 2016 11:07:30