CVE-2014-6631
Published Oct 8, 2014
Last updated 10 years ago
Overview
- Description
- Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.3
- Impact score
- 2.9
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-79
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "83513309-01CD-411C-82EF-62C1F7F4764F"
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27BABCB8-916D-452E-8848-B51B3374CE8B"
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD14669F-9C13-46BA-A45B-EC0B4081D105"
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "370F58E9-AD21-446F-BC29-10F2A448F18E"
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.2.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "56C7EA5D-CEB8-45C6-A50F-577B02BBD25F"
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A3ED8A4-60AF-4347-8A4E-41BAF7ED09B1"
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C4B4D693-A540-4FB3-B7F9-9746F01B44CA"
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B9623DC6-3822-4493-A0CC-C87134799D67"
},
{
"criteria": "cpe:2.3:a:joomla:joomla\\!:3.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5B71C854-FDCA-40C9-BB18-D7947BE81F04"
}
],
"operator": "OR"
}
]
}
]