CVE-2014-2260

Опубликовано: 30 апр. 2014

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.

Ссылки

http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html
Exploit
http://www.osvdb.org/102174
http://www.securityfocus.com/bid/64982
https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310
Exploit
Patch
https://github.com/Eugeny/ajenti/issues/233
http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html
Exploit
http://www.osvdb.org/102174
http://www.securityfocus.com/bid/64982
https://github.com/Eugeny/ajenti/commit/3270fd1d78391bb847b4c9ce37cf921f485b1310
Exploit
Patch
https://github.com/Eugeny/ajenti/issues/233

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ajenti:ajenti:1.2.13:*:*:*:*:*:*:*

EPSS

Процентиль: 44%

0.00215

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

CVE-2014-2260

debian

почти 12 лет назад

Cross-site scripting (XSS) vulnerability in plugins/main/content/js/aj ...

GHSA-9crx-p357-5vw8

CVSS3: 5.4

github

больше 3 лет назад

Ajenti Cross-site scripting (XSS) vulnerability