CVE-2014-5417

Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:meinberg:ntp_server_firmware:-:*:*:*:*:*:*:*
OR cpe:2.3:h:meinberg:lantime_m100:*:*:*:*:*:*:*:*
cpe:2.3:h:meinberg:lantime_m200:*:*:*:*:*:*:*:*
cpe:2.3:h:meinberg:lantime_m300:*:*:*:*:*:*:*:*
cpe:2.3:h:meinberg:lantime_m3000:*:*:*:*:*:*:*:*
cpe:2.3:h:meinberg:lantime_m400:*:*:*:*:*:*:*:*
cpe:2.3:h:meinberg:lantime_m600:*:*:*:*:*:*:*:*
cpe:2.3:h:meinberg:lantime_m900:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:12

Type Values Removed Values Added
References () http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1404-lantime-web-interface-cross-site-scripting-vulnerability.htm - Vendor Advisory () http://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-1404-lantime-web-interface-cross-site-scripting-vulnerability.htm - Vendor Advisory
References () http://www.securityfocus.com/bid/70847 - () http://www.securityfocus.com/bid/70847 -
References () https://ics-cert.us-cert.gov/advisories/ICSA-14-275-01 - Third Party Advisory, US Government Resource () https://ics-cert.us-cert.gov/advisories/ICSA-14-275-01 - Third Party Advisory, US Government Resource

Information

Published : 2014-11-05 11:55

Updated : 2024-11-21 02:12


NVD link : CVE-2014-5417

Mitre link : CVE-2014-5417

CVE.ORG link : CVE-2014-5417


JSON object : View

Products Affected

meinberg

  • lantime_m900
  • ntp_server_firmware
  • lantime_m300
  • lantime_m200
  • lantime_m3000
  • lantime_m400
  • lantime_m100
  • lantime_m600
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')