Vulnerability Details CVE-2014-3887
Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk with firmware before 1.05e1-2.0.5 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: This vulnerability exists because of an incomplete fix for CVE-2013-4713.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.2%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
Products affected by CVE-2014-3887
-
cpe:2.3:h:iodata:rockdisk:-
-
cpe:2.3:o:iodata:rockdisk_firmware:1.03v3-1.13
-
cpe:2.3:o:iodata:rockdisk_firmware:1.03w-1.14
-
cpe:2.3:o:iodata:rockdisk_firmware:1.03y-1.16
-
cpe:2.3:o:iodata:rockdisk_firmware:1.04a-1.2
-
cpe:2.3:o:iodata:rockdisk_firmware:1.04b-1.21
-
cpe:2.3:o:iodata:rockdisk_firmware:1.04d-2.0.1
-
cpe:2.3:o:iodata:rockdisk_firmware:1.04m-2.0.1
-
cpe:2.3:o:iodata:rockdisk_firmware:1.04n-2.0.1
-
cpe:2.3:o:iodata:rockdisk_firmware:1.04r3-2.0.1
-
cpe:2.3:o:iodata:rockdisk_firmware:1.04t-2.0.2
-
cpe:2.3:o:iodata:rockdisk_firmware:1.05c-2.0.3
-
cpe:2.3:o:iodata:rockdisk_firmware:1.05e1-2.0.5