CVE-2014-125078

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-125078
A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability.

5.4 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.3 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://github.com/yanheven/console/commit/32a7b713468161282f2ea01d5e2faff980d924cd Patch
https://vuldb.com/?ctiid.218354 Permissions Required Third Party Advisory
https://vuldb.com/?id.218354 Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:horizon_project:horizon:*:*:*:*:*:*:*:*
History

08 Dec 2023, 20:25

Type Values Removed Values Added
References (MISC) https://vuldb.com/?id.218354 - Permissions Required, Third Party Advisory (MISC) https://vuldb.com/?id.218354 - Third Party Advisory

07 Nov 2023, 02:18

Type Values Removed Values Added
CWE CWE-79

20 Oct 2023, 07:15

Type Values Removed Values Added
Summary A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The name of the patch is 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability. A vulnerability was found in yanheven console and classified as problematic. Affected by this issue is some unknown functionality of the file horizon/static/horizon/js/horizon.instances.js. The manipulation leads to cross site scripting. The attack may be launched remotely. The patch is identified as 32a7b713468161282f2ea01d5e2faff980d924cd. It is recommended to apply a patch to fix this issue. VDB-218354 is the identifier assigned to this vulnerability.
CWE CWE-79
Information

Published : 2023-01-15 09:15

Updated : 2024-05-17 00:58

NVD link : CVE-2014-125078

Mitre link : CVE-2014-125078

JSON object : View

Products Affected

horizon_project

  • horizon
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')