Executive Summary



This alert is flagged as a TOP 25 Common Weakness Enumeration from CWE/SANS.
Information
Name : CVE-2014-2021
First vendor Publication : 2014-10-24
Vendor : Cve
Last vendor Modification : 2017-08-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cvss Base Score : 3.5
Cvss Impact Score : 2.9
Cvss Exploit Score : 6.8
Attack Range : Network
Attack Complexity : Medium
Authentication : Requires single instance

Detail

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2021

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-79
Name : Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type : Application
Count : 54

Sources (Detail)

Source : Url
BID : http://www.securityfocus.com/bid/70577
FULLDISC : http://seclists.org/fulldisclosure/2014/Oct/55
FULLDISC : http://seclists.org/fulldisclosure/2014/Oct/63
MISC : http://packetstormsecurity.com/files/128691/vBulletin-5.x-4.x-Persistent-Cros...
MISC : https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2021
SECTRACK : http://www.securitytracker.com/id/1031000
XF : https://exchange.xforce.ibmcloud.com/vulnerabilities/97026

Alert History

Date : Information
2017-09-02 00:23:41 : Multiple Updates
2017-08-29 09:24:29 : Multiple Updates
2016-09-03 12:00:42 : Multiple Updates
2016-06-28 22:38:57 : Multiple Updates
2016-05-20 09:24:34 : Multiple Updates
2016-04-13 09:25:36 : Multiple Updates
2014-10-27 21:23:04 : Multiple Updates
2014-10-25 09:22:27 : First insertion