Vulnerability Details : CVE-2014-7290
Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems Aeon 3.5 and 3.6 allow remote attackers to inject arbitrary web script or HTML via the (1) Action or (2) Form parameter to aeon.dll.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2014-7290
- cpe:2.3:a:atlas_systems:aeon:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:atlas_systems:aeon:3.6:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7290
- 0.22%: Probability of exploitation activity in the next 30 days
- ~59%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7290
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2014-7290
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7290
- http://tetraph.com/security/xss-vulnerability/cve-2014-7290-atlas-systems-aeon-xss-cross-site-scripting-vulnerability/
  CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability – Information Security - Tetraph
- http://packetstormsecurity.com/files/129114/Atlas-Systems-Aeon-3.5-3.6-Cross-Site-Scripting.html
  Atlas Systems Aeon 3.5 / 3.6 Cross Site Scripting ≈ Packet Storm
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98705
  Atlas Systems Aeon aeon.dll cross-site scripting CVE-2014-7290 Vulnerability Report
- http://seclists.org/fulldisclosure/2014/Nov/32
  Full Disclosure: CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Vulnerability