CVE-2015-2043

{"id": "CVE-2015-2043", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2015-02-25T22:59:01.297", "references": [{"url": "http://packetstormsecurity.com/files/130490/MyConnection-Server-8.2b-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/130490/MyConnection-Server-8.2b-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in Visualware MyConnection Server 8.2b allow remote attackers to inject arbitrary web script or HTML via the (1) bt, (2) variable, or (3) et parameter to myspeed/db/historyitem."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en Visualware MyConnection Server 8.2b permiten a atacantes remotos inyectar secuencias de comandos web arbitrarios o HTML a trav\u00e9s del par\u00e1metro (1) bt, (2) variable, o (3) et en myspeed/db/historyitem."}], "lastModified": "2024-11-21T02:26:38.510", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:visualware:myconnection_server:8.2b:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2A7F4F76-1D74-490E-9100-F49E62A59224"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}