CVE-2014-9212

{"id": "CVE-2014-9212", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-12-05T15:59:07.947", "references": [{"url": "http://packetstormsecurity.com/files/129372/Altitude-uAgent-Altitude-uCI-7.5-XSS.html", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an email hyperlink or the (2) style parameter in the image attribute section."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Altitude uAgent en Altitude uCI (Unified Customer Interaction) 7.5 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) un hiperv\u00ednculo de email o (2) el par\u00e1metro style en la secci\u00f3n de atributos de im\u00e1genes."}], "lastModified": "2014-12-06T01:38:31.303", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:altitude:altitude_unified_customer_interaction:7.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C7C3567-46B1-47F1-857D-D7223B0E5C92"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}