Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9580

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-9580
Last Modified 10 Jan 2015 09:59:27
Published 08 Jan 2015 02:59:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-9580

Summary

Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.

Vulnerable Systems

Application

  • Projectsend 561


References

XF - projectsend-imagedescrip-xss(99550)

EXPLOIT-DB - 35582

MISC - http://packetstormsecurity.com/files/129666


Last Updated: 27 May 2016 10:50:04