JCE-Tech 4.0 Cross Site Scripting

2014.12.20
Credit: Wang Jing
Risk: Low
Local: No
Remote: Yes
CWE: CWE-79


Ogólna skala CVSS: 4.3/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 8.6/10
Wymagany dostęp: Zdalny
Złożoność ataku: Średnia
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

*CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability* Exploit Title: JCE-Tech "Video Niche Script" /view.php Multiple Parameters XSS Product: "Video Niche Script" Vendor: JCE-Tech Vulnerable Versions: 4.0 Tested Version: 4.0 Advisory Publication: Nov 18, 2014 Latest Update: Nov 18, 2014 Vulnerability Type: Cross-Site Scripting [CWE-79] CVE Reference: CVE-2014-8752 Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore] *Advisory Details:* *(1) Vendor URL:* http://jce-tech.com/products/ *Product Description:* "The PHP Video Script instantly creates a niche video site based on keywords users control via the admin console. The videos are displayed on users' site, but streamed from the YouTube servers." *(2) Vulnerability Details.* JCE-Tech "Video Niche Script" is vulnerable to XSS attacks. *(2.1)* The vulnerability occurs at "view.php" page with "video", "title" parameters. *References:* http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/ https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8752

Referencje:

http://jce-tech.com/products/
http://tetraph.com/security/cves/cve-2014-8752-jce-tech-video-niche-script-xss-cross-site-scripting-security-vulnerability/
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8752


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top