Vulnerability Description
A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Free | Freebox Os | 3.0.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-ForExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Jun/1ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/535660/100/0/threadedExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/74936Third Party AdvisoryVDB Entry
- http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-ForExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2015/Jun/1ExploitMailing ListThird Party Advisory
- http://www.securityfocus.com/archive/1/535660/100/0/threadedExploitThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/74936Third Party AdvisoryVDB Entry
FAQ
What is CVE-2014-9405?
CVE-2014-9405 is a vulnerability with a CVSS score of 5.4 (MEDIUM). A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code...
How severe is CVE-2014-9405?
CVE-2014-9405 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-9405?
Check the references section above for vendor advisories and patch information. Affected products include: Free Freebox Os.