CVE-2014-3497

CWE-79Cross-site Scripting (XSS)10 documents8 sources
Severity
4.3MEDIUM
EPSS
0.4%
top 36.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Openstack Swift
Timeline
PublishedJul 3
Latest updateMay 17

Description

Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

NVDopenstack/swift4 versions+3
PyPIswift1.11.02.0.0
Debianswift< 1.13.1-1+3

🔴Vulnerability Details

4
GHSA
OpenStack Swift Cross-site Scriping vulnerability2022-05-17
OSV
OpenStack Swift Cross-site Scriping vulnerability2022-05-17
OSV
CVE-2014-3497: Cross-site scripting (XSS) vulnerability in OpenStack Swift 12014-07-03
CVEList
CVE-2014-3497: Cross-site scripting (XSS) vulnerability in OpenStack Swift 12014-07-03

📋Vendor Advisories

3
Ubuntu
Swift vulnerability2014-06-25
Red Hat
openstack-swift: XSS in Swift requests through WWW-Authenticate header2014-06-19
Debian
CVE-2014-3497: swift - Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13....2014

💬Community

2
Bugzilla
CVE-2014-3497 openstack-swift: XSS in Swift requests through WWW-Authenticate header [epel-6]2014-06-26
Bugzilla
CVE-2014-3497 openstack-swift: XSS in Swift requests through WWW-Authenticate header2014-06-18
CVE-2014-3497 (MEDIUM CVSS 4.3) | Cross-site scripting (XSS) vulnerab | cvebase.io