CVE-2014-1612

Sažetak

Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Reference

http://osvdb.org/102415
http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html
http://secunia.com/advisories/56638
http://www.kb.cert.org/vuls/id/252294
http://www.securityfocus.com/archive/1/530871/100/0/threaded
http://www.securityfocus.com/bid/65108
https://exchange.xforce.ibmcloud.com/vulnerabilities/90656

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

09-10-2018 - 19:42

Objavljeno

30-01-2014 - 18:55