NVD

Id
29824  
Name
CVE-2014-100004  
Description
Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-01-13  
Modified Date
2015-01-13  
Seq
2014-100004  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
157455 29824 CVE-2014-100004 http://sitecorekh.blogspot.dk/2014/01/sitecore-releases-70-update-4-rev-140120.html  View
157456 29824 CVE-2014-100004 20140129 SiteCore XML Control Script Insertion  View
157457 29824 CVE-2014-100004 65254  View
157458 29824 CVE-2014-100004 sitecore-xmlcontrol-xss(90833)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18725 JVNDB-2014-007600 Sitecore CMS におけるクロスサイトスクリプティングの脆弱性 Sitecore CMS には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-100004 68406 CVE-2014-100004 29824 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007600.html 2014-01-22 2015-01-15 View