CVE-2014-8658

{"id": "CVE-2014-8658", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-06T15:55:11.350", "references": [{"url": "http://demo.refinedwiki.com/display/rwot/Version+4.0.12", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://packetstormsecurity.com/files/128907/Confluence-RefinedWiki-Original-Theme-Cross-Site-Scripting.html", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://seclists.org/fulldisclosure/2014/Oct/126", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/533845/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/70798", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98401", "source": "cve@mitre.org"}, {"url": "https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20141029-1_RefinedWiki-OriginalTheme_Persistent-Cross-Site-Scripting_v10.txt", "tags": ["Exploit"], "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme 3.x before 3.5.13 and 4.x before 4.0.12 for Confluence allows remote authenticated users with permissions to create or edit content to inject arbitrary web script or HTML via the versionComment parameter to pages/doeditpage.action."}, {"lang": "es", "value": "Vulnerabilidad de XSS en RefinedWiki Original Theme 3.x anterior a 3.5.13 y 4.x anterior a 4.0.12 para Confluence permite a usuarios remotos autenticados con permisos para crear o editar contenido inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro versionComment en pages/doeditpage.action."}], "lastModified": "2018-10-09T19:54:25.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "70B90D75-0231-45A2-A87D-4B4941CB5400"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.1:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "574F33B9-AB1B-445B-ADCD-66D8E5039E24"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.2:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "FCE7779B-21E0-4BF4-B4EA-203F6AE26478"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.3:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "C7D3D25F-D512-409F-8A85-272285A79423"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.4:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "9F9ACCB2-8FE0-4824-9B4D-48CE91E9BD53"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.5:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "6119640D-0B18-4B4B-9316-A782471916C4"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.6:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "FEEB750F-35FF-4BC0-9203-4BA1E732FC16"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.7:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "25E0DD90-C597-4AF6-8FB7-1A54016E2C61"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.8:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "F220881C-B809-49A9-B9F1-0FE3EB64AE2F"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.9:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "FE394B25-E5A3-4AA5-B299-697D62165A08"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.10:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "52A290B2-86E3-49DC-94D7-10DF22BA3C64"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.11:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "BCB034B0-510D-49CB-A59F-98468AE00F0F"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.12:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "23889179-06A2-4C28-9DD4-15B064FFC397"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:3.5.13:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "5BD19E98-CF8F-4568-9D32-F78B600145B5"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "77771597-4758-4686-84A4-93002559AC86"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.1:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "702ECEF9-62C5-47B5-8480-197E8508DC27"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.2:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "8AE6CBEA-B5AC-4249-8C29-1CC1F178759D"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.3:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "ADF40189-BF9E-4D03-8702-35309FD8BC1D"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.4:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "D26ED02D-9679-4D07-BEF4-72CC1D162D04"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.5:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "EF403433-A553-49BB-95A0-D516D0958E7A"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.6:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "E956C55B-402C-4C32-A775-2DAE927FE7D3"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.7:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "C25ADD46-836F-400F-86B6-8527F6E5713B"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.8:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "D9EBF426-A3F5-4634-B48F-D0BE52969F2B"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.9:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "66E21CFD-2BA6-4950-A454-52DD56BE4629"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.10:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "B4311F58-A0AF-41D0-ACBE-6990D6EA901D"}, {"criteria": "cpe:2.3:a:refinedwiki:refinedwiki_original_theme:4.0.11:*:*:*:*:confluence:*:*", "vulnerable": true, "matchCriteriaId": "A04F8A1B-5363-41ED-90A5-A0F6556AFBDE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}