CVE-2014-4301

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.

References

http://secunia.com/advisories/59177

http://www.securityfocus.com/bid/68047

https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120

https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti

Details

Source: MITRE

Published: 2014-06-18

Updated: 2016-09-06

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (1 total)

IDNameProductFamilySeverity
78540Oracle Database Multiple Vulnerabilities (October 2014 CPU)NessusDatabases
high