CVE-2014-4722

MEDIUM
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports Web Interface in OCS Inventory NG allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References

http://packetstormsecurity.com/files/127295/OCS-Inventory-NG-Cross-Site-Scripting.html

http://www.securityfocus.com/archive/1/532664/100/0/threaded

http://www.securityfocus.com/bid/68292

Details

Source: MITRE

Published: 2014-07-07

Updated: 2018-10-09

Type: CWE-79

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (3 total)

IDNameProductFamilySeverity
77075Mandriva Linux Security Advisory : ocsinventory (MDVSA-2014:156)NessusMandriva Local Security Checks
medium
76609Fedora 20 : ocsinventory-2.0.5-8.fc20 (2014-8227)NessusFedora Local Security Checks
medium
76608Fedora 19 : ocsinventory-2.0.5-8.fc19 (2014-8218)NessusFedora Local Security Checks
medium