CVE-2014-4301

Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://secunia.com/advisories/59177	Third Party Advisory
http://www.securityfocus.com/bid/68047	Third Party Advisory VDB Entry
https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120	Exploit Patch
https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti	Exploit Patch
http://secunia.com/advisories/59177	Third Party Advisory
http://www.securityfocus.com/bid/68047	Third Party Advisory VDB Entry
https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120	Exploit Patch
https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti	Exploit Patch

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:ajenti:ajenti::::::::
	cpe:2.3:a:ajenti:ajenti:1.2.0:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.1:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.2:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.3:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.4:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.5:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.6:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.7:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.8:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.9:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.10:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.11.2:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.12:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.13:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.14:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.15:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.16:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.17:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.18:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.19:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.20:::::::*

History

21 Nov 2024, 02:09

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/59177 - Third Party Advisory~~	() http://secunia.com/advisories/59177 - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/68047 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/68047 - Third Party Advisory, VDB Entry
References	~~() https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120 - Exploit, Patch~~	() https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120 - Exploit, Patch
References	~~() https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti - Exploit, Patch~~	() https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti - Exploit, Patch

Information

Published : 2014-06-18 14:55

Updated : 2024-11-21 02:09

NVD link : CVE-2014-4301

Mitre link : CVE-2014-4301

CVE.ORG link : CVE-2014-4301

JSON object : View

Products Affected

ajenti

ajenti

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10