NVD

Id
30974  
Name
CVE-2014-2577  
Description
Multiple cross-site scripting (XSS) vulnerabilities in the Transform Content Center in Bottomline Technologies Transform Foundation Server before 4.3.1 Patch 8 and 5.x before 5.2 Patch 7 allow remote attackers to inject arbitrary web script or HTML via the (1) pn parameter to index.fsp/document.pdf, (2) db or (3) referer parameter to index.fsp/index.fsp, or (4) PATH_INFO to the default URI.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-06-05  
Modified Date
2015-08-10  
Seq
2014-2577  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
162862 30974 CVE-2014-2577 http://packetstormsecurity.com/files/126907/Transform-Foundation-Server-4.3.1-5.2-Cross-Site-Scripting.html  View
162863 30974 CVE-2014-2577 20140604 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies  View
162864 30974 CVE-2014-2577 http://www.pdf-archive.com/2014/06/03/tf431patch8releasenotes/preview/page/9  View
162865 30974 CVE-2014-2577 http://www.pdf-archive.com/2014/06/03/tf52patch7releasenotes/preview/page/14  View
162866 30974 CVE-2014-2577 20140603 [CVE-2014-2577] XSS on Transform Foundation Server 4.3.1 and 5.2 from Bottomline Technologies  View
162867 30974 CVE-2014-2577 67810  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
13886 JVNDB-2014-002761 Bottomline Technologies Transform Foundation Server の Transform Content Center におけるクロスサイトスクリプティングの脆弱性 Bottomline Technologies Transform Foundation Server の Transform Content Center には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-2577 69864 CVE-2014-2577 30974 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-002761.html 2014-06-03 2014-06-06 View