CVE-2014-2965

{"id": "CVE-2014-2965", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-07-03T14:55:06.660", "references": [{"url": "http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html", "source": "cret@cert.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Jun/113", "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/849500", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/68143", "source": "cret@cert.org"}, {"url": "http://packetstormsecurity.com/files/127184/SpamTitan-6.01-Cross-Site-Scripting.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://seclists.org/fulldisclosure/2014/Jun/113", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/849500", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/68143", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter."}, {"lang": "es", "value": "Vulnerabilidad de XSS en auth-settings-x.php en SpamTitan anterior a 6.04 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s del par\u00e1metro sortdir."}], "lastModified": "2024-11-21T02:07:15.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:spamtitan:spamtitan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC9A0DAA-2D8B-486C-A04B-FBAFE82DE12B", "versionEndIncluding": "6.03"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "254E5B1F-B705-446F-B442-2B9B49B23C9E"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "29FD207A-FF81-415F-B7B9-020D0AF8C489"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DA5B668-CCDA-4A26-9687-A6CB6A4750D4"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.07:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9231A45B-09CF-4915-A693-6B35F861753C"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.08:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AFD256D3-B6E2-487E-A281-E3FEC79A5A8B"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55B644CD-2403-417A-8A7C-503F13B9AF99"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8889502C-169D-48A5-A7A6-FB4C1D36FE5A"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "670CAF49-4F76-41EB-88AA-6957AE0D973A"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:5.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F16D052E-7D67-47BA-B060-7FCF5AFFFFB4"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:6.00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CE7DC7D-E06A-465D-B6BC-466CA9BB0BAA"}, {"criteria": "cpe:2.3:a:spamtitan:spamtitan:6.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "17EBC187-6819-4F01-BE07-62C173E2B633"}], "operator": "OR"}]}], "sourceIdentifier": "cret@cert.org"}