Vulnerability Details CVE-2014-9405
A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.3%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 3.5
References
- http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2015/Jun/1
- http://www.securityfocus.com/archive/1/535660/100/0/threaded
- http://www.securityfocus.com/bid/74936
- http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html
- http://seclists.org/fulldisclosure/2015/Jun/1
- http://www.securityfocus.com/archive/1/535660/100/0/threaded
- http://www.securityfocus.com/bid/74936
Products affected by CVE-2014-9405
-
cpe:2.3:a:free:freebox_os:3.0.2