Vulnerability Details : CVE-2015-1444
Multiple cross-site scripting (XSS) vulnerabilities in the web administration frontend in the httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 allow remote attackers to inject arbitrary web script or HTML via the (1) conntrack.cgi, (2) index.cgi, (3) log_syslog.cgi, (4) problems.cgi, (5) status.cgi, (6) status_network.cgi, or (7) status_system.cgi script in admin/.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2015-1444
- cpe:2.3:o:fli4l:fli4l:*:*:*:*:*:*:*:*
- cpe:2.3:o:fli4l:fli4l:4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1444
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 49 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1444
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2015-1444
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1444
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/100610
Fli4l multiple cross-site scripting CVE-2015-1444 Vulnerability ReportVDB Entry
-
http://seclists.org/oss-sec/2015/q1/376
oss-sec: RCE, XSS and HTTP header injection in fli4l web interfaceMailing List;Third Party Advisory
-
http://seclists.org/oss-sec/2015/q1/381
oss-sec: Re: RCE, XSS and HTTP header injection in fli4l web interfaceMailing List;Third Party Advisory
-
http://www.fli4l.de/fileadmin/fli4l/security/advisory-FFL-1113.txt
Vendor Advisory
Jump to