Vulnerability Description
Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cloud4Wi | Splash Portal | 5.9.6 |
Related Weaknesses (CWE)
References
- http://seclists.org/fulldisclosure/2015/Dec/48 (Mailing List, Third Party Advisory, VDB Entry)
- http://www.quantumleap.it/cloud4wi-splash-portal-reflected-xss-vulnerability-cve (Exploit, Third Party Advisory)
- https://cloud4wi.zendesk.com/hc/en-us/articles/204956829-Cloud4Wi-5-9-7-Release- (Release Notes, Third Party Advisory)
FAQ
What is CVE-2015-4699?
CVE-2015-4699 is a vulnerability with a CVSS score of 6.1 (MEDIUM). Cross-site scripting (XSS) vulnerability in the Splash Portal in Cloud4Wi before 5.9.7 allows remote attackers to inject arbitrary web script or HTML via the recoveryMessage parameter to the default U...
How severe is CVE-2015-4699?
CVE-2015-4699 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2015-4699?
Check the references section above for vendor advisories and patch information. Affected products include: Cloud4Wi Splash Portal.