Vulnerability Details CVE-2014-10398
Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.9%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
Products affected by CVE-2014-10398
-
cpe:2.3:a:bssys:rbs_bs-client._retail_client:-
-
cpe:2.3:a:bssys:rbs_bs-client._retail_client:2.4
-
cpe:2.3:a:bssys:rbs_bs-client._retail_client:2.5