CVE-2014-2236 : Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary w

Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.

Published 2014-03-05 16:37:41

Updated 2015-07-30 14:57:22

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: Cross site scripting (XSS)

Exploit prediction scoring system (EPSS) score for CVE-2014-2236

Probability of exploitation activity in the next 30 days: 0.27%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 64 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-2236

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2014-2236

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-2236

https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87

added instant search to the tags page · ASKBOT/askbot-devel@876e366 · GitHub
Exploit;Patch
http://www.securityfocus.com/bid/65885

Askbot Multiple Cross Site Scripting Vulnerabilities

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1070852

1070852 – (CVE-2014-2235, CVE-2014-2236) CVE-2014-2235 CVE-2014-2236 askbot: multiple XSS issues fixed in 0.7.49

CVEs referencing this url
https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29

fixed some xss issues · ASKBOT/askbot-devel@a676a86 · GitHub
Exploit;Patch
http://www.openwall.com/lists/oss-security/2014/02/28/8

oss-security - Re: CVE request: askbot xss

CVEs referencing this url

Products affected by CVE-2014-2236

Askbot » Askbot
Versions up to, including, (<=) 0.7.48
cpe:2.3:a:askbot:askbot:*:*:*:*:*:*:*:*
Matching versions
Askbot » Askbot » Version: 0.7.47
cpe:2.3:a:askbot:askbot:0.7.47:*:*:*:*:*:*:*
Matching versions
Askbot » Askbot » Version: 0.7.46
cpe:2.3:a:askbot:askbot:0.7.46:*:*:*:*:*:*:*
Matching versions
Askbot » Askbot » Version: 0.7.41
cpe:2.3:a:askbot:askbot:0.7.41:*:*:*:*:*:*:*
Matching versions
Askbot » Askbot » Version: 0.7.40
cpe:2.3:a:askbot:askbot:0.7.40:*:*:*:*:*:*:*
Matching versions
Askbot » Askbot » Version: 0.7.45
cpe:2.3:a:askbot:askbot:0.7.45:*:*:*:*:*:*:*
Matching versions
Askbot » Askbot » Version: 0.7.43
cpe:2.3:a:askbot:askbot:0.7.43:*:*:*:*:*:*:*
Matching versions
Askbot » Askbot » Version: 0.7.44
cpe:2.3:a:askbot:askbot:0.7.44:*:*:*:*:*:*:*
Matching versions
Askbot » Askbot » Version: 0.7.42
cpe:2.3:a:askbot:askbot:0.7.42:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2014-2236

Exploit prediction scoring system (EPSS) score for CVE-2014-2236

CVSS scores for CVE-2014-2236

CWE ids for CVE-2014-2236

References for CVE-2014-2236

Products affected by CVE-2014-2236