CVE-2014-2016 — MEDIUM (4.3)

Q: How severe is CVE-2014-2016?

CVE-2014-2016 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-2016?

Check the references section above for vendor advisories and patch information. Affected products include: Oxid-Esales Eshop.

Vulnerability Description

Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and earlier, 5.0.x before 5.0.11 and 5.1.x before 5.1.4 allow remote attackers to inject arbitrary web script or HTML via the searchtag parameter to the getTag function in (1) application/controllers/details.php or (2) application/controllers/tag.php.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Oxid-Esales	Eshop	<= 4.6.8

Related Weaknesses (CWE)

CWE-79

References

http://secunia.com/advisories/57438Vendor Advisory
http://wiki.oxidforge.org/Security_bulletins/2014-001Vendor Advisory
http://secunia.com/advisories/57438Vendor Advisory
http://wiki.oxidforge.org/Security_bulletins/2014-001Vendor Advisory

FAQ

What is CVE-2014-2016?

CVE-2014-2016 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop Professional and Community Edition 4.6.8 and earlier, 4.7.x before 4.7.11, and 4.8.x before 4.8.4, and Enterprise Edition 4.6.8 and ea...

How severe is CVE-2014-2016?

CVE-2014-2016 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-2016?

Check the references section above for vendor advisories and patch information. Affected products include: Oxid-Esales Eshop.