CVE-2014-1620

{"id": "CVE-2014-1620", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-01-21T15:17:12.760", "references": [{"url": "http://osvdb.org/101844", "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/124681/Hiox-Guest-Book-5.0-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/64683", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90156", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/101844", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://packetstormsecurity.com/files/124681/Hiox-Guest-Book-5.0-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/64683", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90156", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt parameter."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de cross-site scripting (XSS) en add.php en HIOX Guest Book (HGB) 5.0 permiten a atacantes remotos inyectar scripts web o HTML arbitrarios a trav\u00e9s de los par\u00e1metros (1) name1, (2) email, o (3) cmt."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:hiox:hiox_guest_book:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3164A171-E5DF-4205-A24A-767F210CA053"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}