Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login page (index.php) or (2) login form (loginform-inc.php).
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Oliver Project | Oliver | <= 1.3.1 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/136731/Oliver-1.3.0-1.3.1-Cross-Site-ScriptExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Apr/66ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/538132/100/0/threaded
- http://packetstormsecurity.com/files/136731/Oliver-1.3.0-1.3.1-Cross-Site-ScriptExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2016/Apr/66ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/538132/100/0/threaded
FAQ
What is CVE-2014-2710?
CVE-2014-2710 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login pag...
How severe is CVE-2014-2710?
CVE-2014-2710 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-2710?
Check the references section above for vendor advisories and patch information. Affected products include: Oliver Project Oliver.