CVE-2014-2965

Published Jul 3, 2014

Last updated 10 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.
Source: cret@cert.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC9A0DAA-2D8B-486C-A04B-FBAFE82DE12B",
            "versionEndIncluding": "6.03"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "254E5B1F-B705-446F-B442-2B9B49B23C9E"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.05:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "29FD207A-FF81-415F-B7B9-020D0AF8C489"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DA5B668-CCDA-4A26-9687-A6CB6A4750D4"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.07:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9231A45B-09CF-4915-A693-6B35F861753C"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.08:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AFD256D3-B6E2-487E-A281-E3FEC79A5A8B"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55B644CD-2403-417A-8A7C-503F13B9AF99"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8889502C-169D-48A5-A7A6-FB4C1D36FE5A"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "670CAF49-4F76-41EB-88AA-6957AE0D973A"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:5.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F16D052E-7D67-47BA-B060-7FCF5AFFFFB4"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:6.00:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CE7DC7D-E06A-465D-B6BC-466CA9BB0BAA"
          },
          {
            "criteria": "cpe:2.3:a:spamtitan:spamtitan:6.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17EBC187-6819-4F01-BE07-62C173E2B633"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References