CVE-2014-2024

Published Mar 14, 2014

Last updated 4 months ago

CVSS info 4.3

Overview

Description: Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F344FE4-1B7A-4D76-A03C-6DE41201CE3A",
            "versionEndIncluding": "2.1.2"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CE392C8-EFEF-4B7B-B54B-75A9EE64C128"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C454DBC-BEE9-4074-9613-BE69048DA0AF"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BDD9E7D2-812F-4F77-9383-ABC584D8EE50"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C83B09C-ADE8-40B9-8400-792129668F3D"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8DD433E-FB01-431C-92E3-A4070A882F4F"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C9E17F5C-CE2C-4260-9D40-0A4637AD8ADC"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "88764A03-40FF-4C3D-A57A-1D5E88662E78"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FC57D04-D645-4EA0-931B-1BF9A83AF40A"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA46428A-A545-4639-85A7-C56D84A57A16"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4B5F8D93-9F23-479A-AC33-0079AFEC4863"
          },
          {
            "criteria": "cpe:2.3:a:openclassifieds:open_classifieds_2:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "581FDF54-DC29-4235-9CE0-A92AD429A52D"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References