Vulnerability Details CVE-2014-8752
Multiple cross-site scripting (XSS) vulnerabilities in view.php in JCE-Tech PHP Video Script (aka Video Niche Script) 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) video or (2) title parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 48.7%
CVSS Severity
CVSS v2 Score 4.3
References
- http://seclists.org/fulldisclosure/2014/Dec/84
- http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/
- http://www.securityfocus.com/bid/71738
- http://seclists.org/fulldisclosure/2014/Dec/84
- http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/
- http://www.securityfocus.com/bid/71738
Products affected by CVE-2014-8752
-
cpe:2.3:a:jce-tech:video_niche_script:4.0