CVE-2014-3650

CWE-79 — Cross-site Scripting (XSS)4 documents4 sources

Severity

5.4MEDIUM

EPSS

0.2%

top 63.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Jboss Aerogear

Timeline

PublishedJul 1

Latest updateJul 2

Description

Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with specially crafted input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:NExploitability: 2.3 | Impact: 2.7

Affected Packages2 packages

▶CVEListV5jboss_aerogearJboss Aerogear 1.0.0.final

▶NVDredhat/jboss_aerogear1.0.0

🔴Vulnerability Details

GHSA

GHSA-mc44-gpw6-529m: Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content↗2022-07-02

▶

CVEList

CVE-2014-3650: Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content↗2022-07-01

▶

💬Community

Bugzilla

CVE-2014-3650 JBoss AeroGear: stored XSS via deviceToken↗2014-09-19

▶