CVE-2014-4075
Published 2014-10-15
Priority P427 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 20.16% (97.1th percentile)
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted web page, aka "MVC XSS Vulnerability."
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
| microsoft | asp.net_model_view_controller | — | — |
No detection rules found.
No public exploits indexed.
Talos
Microsoft Update Tuesday October 2014: Fixes for 4 0-day Vulnerabilities
blogs_talos·2014-10-14·CVSS 7.8
[HIGH] Microsoft Update Tuesday October 2014: Fixes for 4 0-day Vulnerabilities
This post was authored by Yves Younan
Microsoft Tuesday is here once again and this month they are releasing a total of eight bulletins. Three of which are rated as critical, while the remaining five are rated as important. There’s a total of 24 CVEs this month, 20 of which were privately disclosed to Microsoft and four which are either publicly known or under active attack, making them 0-day vulnerabilities. Of those four, two are being actively attacked, while two have been publicly disclosed but do not seem to be under attack for supported software. Of the 24 CVEs, 15 are categorized as allowing remote code execution, four as elevation of privilege and three as security feature bypasses.
The first bulletin is
Talos
Microsoft Update Tuesday October 2014: Fixes for 4 0-day Vulnerabilities
blogs_talos·2014-10-14·CVSS 4.3
[MEDIUM] Microsoft Update Tuesday October 2014: Fixes for 4 0-day Vulnerabilities
The first bulletin is MS14-056 and is the IE bulletin. There’s a total of 14 CVEs and it is rated
Zscaler
Zscaler found Multiple Security Vulnerabilities | 10-14-2014
blogs_zscaler·CVSS 8.8
[HIGH] Zscaler found Multiple Security Vulnerabilities | 10-14-2014
http://blogs.technet.com/b/srd/archive/2014/10/14/accessing-risk-for-the-october-2014-security-updates.aspx
http://secunia.com/advisories/60971
http://www.securityfocus.com/bid/70352
http://www.securitytracker.com/id/1031023
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2014/ms14-059
Published: 2014-10-15