CVE-2014-8247

Опубликовано: 16 дек. 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in CA Release Automation (formerly iTKO LISA Release Automation) before 4.7.1 b448 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Ссылки

http://seclists.org/fulldisclosure/2014/Dec/55
http://securitytracker.com/id?1031375
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx
Vendor Advisory
http://www.kb.cert.org/vuls/id/343060
Third Party Advisory
US Government Resource
http://www.securityfocus.com/archive/1/534246/100/0/threaded
http://seclists.org/fulldisclosure/2014/Dec/55
http://securitytracker.com/id?1031375
http://www.ca.com/us/support/ca-support-online/product-content/recommended-reading/security-notices/ca20141215-01-security-notice-for-ca-lisa-release-automation.aspx
Vendor Advisory
http://www.kb.cert.org/vuls/id/343060
Third Party Advisory
US Government Resource
http://www.securityfocus.com/archive/1/534246/100/0/threaded

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:broadcom:release_automation:*:*:*:*:*:*:*:*

Версия до 4.7.1 (включая)

EPSS

Процентиль: 89%

0.04512

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-52r3-m642-mp2f

github

больше 3 лет назад