CVE-2014-3110

{"id": "CVE-2014-3110", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-07-24T14:55:07.487", "references": [{"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/68838", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/44749/", "source": "cve@mitre.org"}, {"url": "http://ics-cert.us-cert.gov/advisories/ICSA-14-175-01", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/68838", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/44749/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en los dispositivos controladores Honeywell FALCON XLWeb Linux 2.04.01 y anteriores y los dispositivos controladores FALCON XLWeb XLWebExe 2.02.11 y anteriores permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrariios a trav\u00e9s de entradas inv\u00e1lidas."}], "lastModified": "2024-11-21T02:07:28.453", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:honeywell:falcon_xlweb_linux_controller:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCD8DDD2-BB5C-4EB4-9475-67F5B6341DBD", "versionEndIncluding": "2.04.01"}, {"criteria": "cpe:2.3:h:honeywell:falcon_xlweb_xlwebexe:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "33EAB24D-D7D1-46B5-9740-3A33425AE027", "versionEndIncluding": "2.02.11"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}