NVD

Id
31863  
Name
CVE-2014-3737  
Description
Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function.  
Reject
 
CVSS Version
2  
CVSS Score
2.6  
Severity
Low  
CVSS Base Score
2.6  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
4.9  
CVSS Vector
(AV:N/AC:H/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2014-07-02  
Modified Date
2014-08-04  
Seq
2014-3737  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
168048 31863 CVE-2014-3737 http://packetstormsecurity.com/files/127221/Storesprite-7-Cross-Site-Scripting.html  View
168049 31863 CVE-2014-3737 20140625 Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite  View
168050 31863 CVE-2014-3737 68197  View
168051 31863 CVE-2014-3737 http://www.storesprite.com/docs/26/htb23215_xss_vulnerability/  View
168052 31863 CVE-2014-3737 https://www.htbridge.com/advisory/HTB23215  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
14280 JVNDB-2014-003155 Lamp Design Storesprite の templates/defaultheader.php におけるクロスサイトスクリプティングの脆弱性 Lamp Design Storesprite の templates/defaultheader.php には、currencyUrl 関数に関する処理に不備があるため、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2014-3737 71025 CVE-2014-3737 31863 2.6 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-003155.html 2014-06-19 2014-07-07 View