Vulnerability Details CVE-2014-100010
Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.2%
CVSS Severity
CVSS v2 Score 4.3
References
- http://seclists.org/fulldisclosure/2014/Mar/73
- http://secunia.com/advisories/57306
- http://www.securityfocus.com/archive/1/531373/100/0/threaded
- http://www.securityfocus.com/bid/66058
- https://www.httpcs.com/advisory/httpcs127
- http://seclists.org/fulldisclosure/2014/Mar/73
- http://secunia.com/advisories/57306
- http://www.securityfocus.com/archive/1/531373/100/0/threaded
- http://www.securityfocus.com/bid/66058
- https://www.httpcs.com/advisory/httpcs127
Products affected by CVE-2014-100010
-
cpe:2.3:a:csphere:clansphere:2011.4