Vulnerability Details CVE-2014-8674
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jul/44
- http://www.securityfocus.com/bid/75726
- https://www.exploit-db.com/exploits/37604/
- http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html
- http://seclists.org/fulldisclosure/2015/Jul/44
- http://www.securityfocus.com/bid/75726
- https://www.exploit-db.com/exploits/37604/
Products affected by CVE-2014-8674
-
cpe:2.3:a:soplanning:soplanning:-
-
cpe:2.3:a:soplanning:soplanning:0.9
-
cpe:2.3:a:soplanning:soplanning:0.91
-
cpe:2.3:a:soplanning:soplanning:0.92
-
cpe:2.3:a:soplanning:soplanning:0.922
-
cpe:2.3:a:soplanning:soplanning:0.923
-
cpe:2.3:a:soplanning:soplanning:0.924
-
cpe:2.3:a:soplanning:soplanning:0.925
-
cpe:2.3:a:soplanning:soplanning:1.04
-
cpe:2.3:a:soplanning:soplanning:1.05
-
cpe:2.3:a:soplanning:soplanning:1.06
-
cpe:2.3:a:soplanning:soplanning:1.07
-
cpe:2.3:a:soplanning:soplanning:1.08
-
cpe:2.3:a:soplanning:soplanning:1.10
-
cpe:2.3:a:soplanning:soplanning:1.12
-
cpe:2.3:a:soplanning:soplanning:1.13
-
cpe:2.3:a:soplanning:soplanning:1.14
-
cpe:2.3:a:soplanning:soplanning:1.15
-
cpe:2.3:a:soplanning:soplanning:1.16
-
cpe:2.3:a:soplanning:soplanning:1.18
-
cpe:2.3:a:soplanning:soplanning:1.19
-
cpe:2.3:a:soplanning:soplanning:1.20
-
cpe:2.3:a:soplanning:soplanning:1.21
-
cpe:2.3:a:soplanning:soplanning:1.22
-
cpe:2.3:a:soplanning:soplanning:1.23
-
cpe:2.3:a:soplanning:soplanning:1.24
-
cpe:2.3:a:soplanning:soplanning:1.25
-
cpe:2.3:a:soplanning:soplanning:1.26
-
cpe:2.3:a:soplanning:soplanning:1.27
-
cpe:2.3:a:soplanning:soplanning:1.28
-
cpe:2.3:a:soplanning:soplanning:1.29
-
cpe:2.3:a:soplanning:soplanning:1.30
-
cpe:2.3:a:soplanning:soplanning:1.31
-
cpe:2.3:a:soplanning:soplanning:1.32