CVE-2014-0149 — Cross-site Scripting in Redhat Jboss WEB Framework KIT

CWE-79 — Cross-site Scripting5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 50.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss WEB Framework KIT

Timeline

PublishedMay 5

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/jboss_web_framework_kit2.5.0

🔴Vulnerability Details

GHSA

GHSA-mp35-7mg4-6p8r: Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2↗2022-05-17

▶

CVEList

CVE-2014-0149: Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2↗2014-05-05

▶

📋Vendor Advisories

Red Hat

Seam: XSS flaw in remoting↗2014-05-01

▶

💬Community

Bugzilla

CVE-2014-0149 JBoss Seam: XSS flaw in remoting↗2014-03-20

▶