Vulnerability Details: CVE-2014-5259
Cross-site scripting (XSS) vulnerability in cattranslate.php in the CatTranslate JQuery plugin in BlackCat CMS 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2014-5259
Probability of exploitation activity in the next 30 days: 0.23%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 %
CVSS scores for CVE-2014-5259
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST |
CWE ids for CVE-2014-5259
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-5259
- http://packetstormsecurity.com/files/128141/BlackCat-CMS-1.0.3-Cross-Site-Scripting.html
  BlackCat CMS 1.0.3 Cross Site Scripting ≈ Packet Storm (Exploit)
- https://www.htbridge.com/advisory/HTB23228
  Reflected Cross-Site Scripting (XSS) in BlackCat CMS - HTB23228 Security Advisory | ImmuniWeb (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95717
  BlackCat CMS cattranslate.php cross-site scripting CVE-2014-5259 Vulnerability Report
- http://www.securityfocus.com/bid/69551
  BlackCat CMS 'cattranslate.php' Cross Site Scripting Vulnerability (Exploit)
- http://www.securityfocus.com/archive/1/533336/100/0/threaded
  SecurityFocus
- http://forum.blackcat-cms.org/viewtopic.php?f=2&t=263
  Security problem with jQuery plugin cattranslate - BlackCat CMS Forum (Patch)
Products affected by CVE-2014-5259
- cpe:2.3:a:blackcat-cms:blackcat_cms:*:*:*:*:*:*:*:*