Vulnerability Description
Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via the max_date parameter.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| French National Commission On Informatics And Liberty | Cookieviz | - |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-Exploit
- http://seclists.org/fulldisclosure/2014/Nov/3Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98452
- https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543Patch
- http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-Exploit
- http://seclists.org/fulldisclosure/2014/Nov/3Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98452
- https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543Patch
FAQ
What is CVE-2014-8352?
CVE-2014-8352 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via t...
How severe is CVE-2014-8352?
CVE-2014-8352 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-8352?
Check the references section above for vendor advisories and patch information. Affected products include: French National Commission On Informatics And Liberty Cookieviz.