Vulnerability Details : CVE-2014-1612
Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2014-1612
Probability of exploitation activity in the next 30 days: 0.31%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 67 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1612
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-1612
-
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1612
-
http://www.securityfocus.com/bid/65108
Mediatrix 4402 Web Management Interface 'login' Page Cross Site Scripting Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/90656
Mediatrix Web Management interface login.esp cross-site scripting CVE-2014-1612 Vulnerability Report
-
http://www.kb.cert.org/vuls/id/252294
VU#252294 - Mediatrix 4402 digital gateway web interface contains a cross-site scripting (XSS) vulnerabilityUS Government Resource
-
http://www.securityfocus.com/archive/1/530871/100/0/threaded
SecurityFocus
-
http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html
Mediatrix 4402 Cross Site Scripting ≈ Packet Storm
Products affected by CVE-2014-1612
- cpe:2.3:a:media5:mediatrix_voip_gateway_4402_firmware:dgw_1.1.13.186:*:*:*:*:*:*:*
- cpe:2.3:h:media5:mediatrix_voip_gateway:4402:*:*:*:*:*:*:*