exploitDog

CVE-2014-2844

Опубликовано: 18 апр. 2014

Источник: nvd

CVSS2: 3.5

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.

Ссылки

http://seclists.org/fulldisclosure/2014/Apr/223
Exploit
http://secunia.com/advisories/58038
Vendor Advisory
http://www.f-secure.com/en/web/labs_global/fsc-2014-2
Vendor Advisory
http://seclists.org/fulldisclosure/2014/Apr/223
Exploit
http://secunia.com/advisories/58038
Vendor Advisory
http://www.f-secure.com/en/web/labs_global/fsc-2014-2
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:f-secure:secure_messaging_secure_gateway:7.5.0:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00209

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-whgc-8rw5-c9xj

github

больше 3 лет назад

Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new parameter in the SysUser module to admin.

EPSS

Процентиль: 43%

0.00209

Низкий

3.5 Low

CVSS2

Дефекты

CWE-79