Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-3774

Опубликовано: 07 авг. 2014
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:teampass:teampass:*:beta:*:*:*:*:*:*
Версия до 2.1.20 (включая)
cpe:2.3:a:teampass:teampass:2.1:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.1:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.2:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.3:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.4:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.5:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.10:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.13:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.14:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.15:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.18:*:*:*:*:*:*:*
cpe:2.3:a:teampass:teampass:2.1.19:*:*:*:*:*:*:*

EPSS

Процентиль: 53%
0.00305
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

debian логотип

CVE-2014-3774

debian
больше 11 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in items.php in Te ...

github логотип

GHSA-x23v-pv36-5884

github
больше 3 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly handled in a (1) hid_cat or (2) open_folder form element, or (3) id parameter, which is not properly handled in the open_id form element.

EPSS

Процентиль: 53%
0.00305
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79