CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-2689

Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 48.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://www.securityfocus.com/archive/1/532048/100/0/threaded
http://www.securityfocus.com/bid/66657
https://www.htbridge.com/advisory/HTB23210
http://www.securityfocus.com/archive/1/532048/100/0/threaded
http://www.securityfocus.com/bid/66657
https://www.htbridge.com/advisory/HTB23210

Products affected by CVE-2014-2689

Slashes&dots » Offria » Version: Any

cpe:2.3:a:slashes&dots:offria:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-2689

Products

Pricing

Contact Us