exploitDog

CVE-2014-0330

Опубликовано: 06 фев. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.

Ссылки

http://osvdb.org/102855
http://www.kb.cert.org/vuls/id/813382
Exploit
US Government Resource
http://www.securityfocus.com/bid/65333
https://exchange.xforce.ibmcloud.com/vulnerabilities/90954
http://osvdb.org/102855
http://www.kb.cert.org/vuls/id/813382
Exploit
US Government Resource
http://www.securityfocus.com/bid/65333
https://exchange.xforce.ibmcloud.com/vulnerabilities/90954

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:dell:kace_k1000_systems_management_appliance_software:5.5.90545:*:*:*:*:*:*:*

cpe:2.3:h:dell:kace_k1000_systems_management_appliance:-:*:*:*:*:*:*:*

EPSS

Процентиль: 80%

0.01434

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-hwvc-r8vf-3vq7

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in adminui/user_list.php on the Dell KACE K1000 management appliance 5.5.90545 allows remote attackers to inject arbitrary web script or HTML via the LABEL_ID parameter.

EPSS

Процентиль: 80%

0.01434

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79