CVE-2014-4693

{"id": "CVE-2014-4693", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-07-02T10:35:26.080", "references": [{"url": "https://pfsense.org/security/advisories/pfSense-SA-14_13.packages.asc", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the Snort package before 3.0.13 for pfSense through 2.1.4 allow remote attackers to inject arbitrary web script or HTML via (1) the eng parameter to snort_import_aliases.php or (2) unspecified variables to snort_select_alias.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en el paquete Snort anterior a 3.0.13 para pfSense hasta 2.1.4 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de (1) el par\u00e1metro eng en snort_import_aliases.php o (2) variables no especificadas en snort_select_alias.php."}], "lastModified": "2019-05-30T14:57:55.027", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:netgate:pfsense:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41DC67D8-85E8-41E4-9BC2-86AF017CC779", "versionEndIncluding": "2.1.4"}, {"criteria": "cpe:2.3:a:netgate:pfsense:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CAA13A8-3B1E-4848-AB59-E385BC37E4E5"}, {"criteria": "cpe:2.3:a:pfsense:snort_package:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80DAF1D7-AE85-4CA8-8F49-5D3B1496F520", "versionEndIncluding": "3.0.12"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}