Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
Name CVE-2014-2021 First vendor Publication 2014-10-24
Vendor Cve Last vendor Modification 2017-08-29

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:S/C:N/I:P/A:N)
Cvss Base Score 3.5 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 6.8 Authentication Requires single instance
Calculate full CVSS 2.0 Vectors scores

Detail

Cross-site scripting (XSS) vulnerability in admincp/apilog.php in vBulletin 4.2.2 and earlier, and 5.0.x through 5.0.5 allows remote authenticated users to inject arbitrary web script or HTML via a crafted XMLRPC API request, as demonstrated using the client name.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2021

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 63

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/70577
FULLDISC http://seclists.org/fulldisclosure/2014/Oct/55
http://seclists.org/fulldisclosure/2014/Oct/63
MISC http://packetstormsecurity.com/files/128691/vBulletin-5.x-4.x-Persistent-Cros...
https://github.com/tintinweb/pub/tree/master/pocs/cve-2014-2021
SECTRACK http://www.securitytracker.com/id/1031000
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/97026

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
Date Informations
2021-05-04 12:30:52
  • Multiple Updates
2021-04-22 01:37:17
  • Multiple Updates
2020-05-23 01:51:30
  • Multiple Updates
2020-05-23 00:40:22
  • Multiple Updates
2017-09-02 00:23:41
  • Multiple Updates
2017-08-29 09:24:29
  • Multiple Updates
2016-09-03 12:00:42
  • Multiple Updates
2016-06-28 22:38:57
  • Multiple Updates
2016-05-20 09:24:34
  • Multiple Updates
2016-04-13 09:25:36
  • Multiple Updates
2014-10-27 21:23:04
  • Multiple Updates
2014-10-25 09:22:27
  • First insertion