CVE-2014-9405

Опубликовано: 06 янв. 2020

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.

Ссылки

http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/1
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/535660/100/0/threaded
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/74936
Third Party Advisory
VDB Entry
http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
Exploit
Third Party Advisory
VDB Entry
http://seclists.org/fulldisclosure/2015/Jun/1
Exploit
Mailing List
Third Party Advisory
http://www.securityfocus.com/archive/1/535660/100/0/threaded
Exploit
Third Party Advisory
VDB Entry
http://www.securityfocus.com/bid/74936
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:free:freebox_os:3.0.2:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.00579

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-qrjx-wfph-47qh

github

больше 3 лет назад