CVE-2015-1177
Published 2017-08-28
CVE-2015-1177: Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2.
Priority P422 · medium · 6.1 (CVSS 3.0)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 1.47% (70.6th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| exponentcms | exponent_cms | — | — |
CVSS provenance
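| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |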
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-8175 JBoss Fuse: insufficient access permissions checks when accessing Hawtio console
bugzilla·2015-03-24·CVSS 6.0
It was found that JBoss Fuse would allow any user defined in the users.properties file to access the HawtIO console without having a valid admin role. This could allow a remote attacker to bypass intended authentication HawtIO console access restrictions.
Discussion:
Acknowledgements:
This issue was reported by Jay Kumar SenSharma of Red Hat.
---
This issue has been addressed in the following products:
Red Hat JBoss A-MQ 6.2.0
Via RHSA-2015:1177 https://rhn.redhat.com/errata/RHSA-2015-1177.html
---
This issue has been addressed in the following products:
Red Hat JBoss Fuse 6.2.0
Via RHSA-2015:1176 https://rhn.redhat.com/errata/RHSA-2015-1176.html
Bugzilla
CVE-2015-1796 OpenSAML Java: PKIX Trust Engines Exhibit Critical Flaw In Trusted Names Evaluation
bugzilla·2015-02-26·CVSS 4.3
A critical flaw has been discovered in the PKIX trust components that
allows an X509 credential to be trusted in the special case where no
trusted names are available for the given entityID.
See External References for the complete details.
External References:
http://shibboleth.net/community/advisories/secadv_20150225.txt
Discussion:
Created opensaml-java tracking bugs for this issue:
Affects: fedora-all [bug 1196628]
---
This issue has been addressed in the following products:
Red Hat JBoss A-MQ 6.2.0
Via RHSA-2015:1177 https://rhn.redhat.com/errata/RHSA-2015-1177.html
---
This issue has been addressed in the following products:
Red Hat JBoss Fuse 6.2.0
Via RHSA-2015:1176 https
http://packetstormsecurity.com/files/130058/Exponent-CMS-2.3.2-Cross-Site-Scripting.html
http://www.securityfocus.com/archive/1/534528/100/0/threaded
http://www.securityfocus.com/bid/72274