| |
Vulnerability CVE-2014-7852
Published: 2014-12-11
| Description: |
Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file. |
CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
| Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://rhn.redhat.com/errata/RHSA-2014-1973.html
http://www.securitytracker.com/id/1031363
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
