CVE-2014-8490

Опубликовано: 28 янв. 2020

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm.

Ссылки

http://seclists.org/fulldisclosure/2014/Dec/83
Exploit
Mailing List
Third Party Advisory
http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/
Broken Link
http://seclists.org/fulldisclosure/2014/Dec/83
Exploit
Mailing List
Third Party Advisory
http://tetraph.com/security/cves/cve-2014-8490-tennisconnect-components-system-xss-cross-site-scripting-security-vulnerability/
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tennisconnect:components:9.927:*:*:*:*:*:*:*

EPSS

Процентиль: 51%

0.00285

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-5rpj-fm7p-p2f2

github

больше 3 лет назад