CVE-2014-4853

Published Jul 10, 2014

Last updated 10 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A08B1B90-D9D2-491F-A8B4-F57935E62F87",
            "versionEndIncluding": "1.2.7.2"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.2:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4D3F02F-3FE2-4D7A-97A5-7CFB53BFEBC1"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.2:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC21AE07-0BE2-470A-9A9D-9B0A0E1BB50F"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.2:b:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A4674E7-CDAE-46E0-BB50-89982B13EA3F"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEC5FABB-8752-4CFD-BED7-29DD2CE51B80"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.3:a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FE2D011C-A93E-46D0-93CE-3670B92C84A6"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4EA4AA2-95AD-4BD2-83E5-C4AE32317216"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5DAD56F-53B1-4D49-9A58-CC60AE2CF5CB"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.7:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7691977-FF85-4A33-8F38-2F35E975B1AB"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.7:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6356D416-603D-4CC2-B788-F66AA5C183EA"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.6.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3E47E7FB-D37A-4194-A57C-C40E2F3B5743"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBA22C31-F0BB-47FF-95B5-6C00FCEBF763"
          },
          {
            "criteria": "cpe:2.3:a:opendocman:opendocman:1.2.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E930F06-8FDB-414A-ACAC-0B3273B290A5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References