Vulnerability Details : CVE-2014-2026
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2014-2026
- cpe:2.3:a:unitedplanet:intrexx:*:*:*:*:professional:*:*:*
- cpe:2.3:a:unitedplanet:intrexx:6.0:*:*:*:professional:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-2026
- 0.25%: Probability of exploitation activity in the next 30 days
- ~ 62 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-2026
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-2026
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-2026
- http://www.securityfocus.com/archive/1/534230/100/0/threaded
  SecurityFocus
- https://help.unitedplanet.com/?rq_AppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_TargetPageGuid=2EBBF802B1970FE31EFC8A34108DF3F47E7A8EEC&rq_RecId=32&rq_SourceAppGuid=C203A277EDDF9AD2492B776B996B20D4A7C58395&rq_SourcePageGuid=7A91F4B76FFC41A18F4EA4ACE26F31E033C5B018&rq_SourceRecId=32
  Ansichtsseite - Intrexx Support-Center (Vendor Advisory)
- http://www.securityfocus.com/bid/71673
  Intrexx Professional 'request' Parameter Cross Site Scripting Vulnerability
- http://packetstormsecurity.com/files/129590/Intrexx-Professional-6.0-5.2-Cross-Site-Scripting.html
  Intrexx Professional 6.0 / 5.2 Cross Site Scripting ≈ Packet Storm
- http://www.christian-schneider.net/advisories/CVE-2014-2026.txt