Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-10036

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-10036
Last Modified 14 Jan 2015 04:43:15
Published 13 Jan 2015 10:59:46
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-10036

Summary

Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to inject arbitrary web script or HTML via the cameFromUrl parameter to feed/generateFeedUrl.html.

Vulnerable Systems

Application

  • Jetbrains Teamcity 8.0


References

MISC - https://www.netsparker.com/critical-xss-vulnerabilities-in-teamcity/

XF - teamcity-camefromurl-xss(91768)

SECUNIA - 57221

CONFIRM - http://confluence.jetbrains.com/display/TCD8/What%27s+New+in+TeamCity+8.1


Last Updated: 27 May 2016 11:07:32