文豆 & 文库

行者路上有風有雨有彩虹:

CVE-2014-8752 JCE-Tech "Video Niche Script" XSS (Cross-Site Scripting) Security Vulnerability


Exploit Title: JCE-Tech "Video Niche Script" /view.php Multiple Parameters XSS

Product: "Video Niche Script"

Vendor:JCE-Tech

Vulnerable Versions: 4.0

Tested Version: 4.0

Advisory Publication: Nov 18, 2014

Latest Update:Nov 18, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-8752

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]


http://tetraph.blog.163.com/blog/static/234603051201511095716471/

评论

热度(17)