V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2015-0298
DEB
Medium

Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject …

CVSS
5.2
Medium
EPSS
0.02
p76
Published
2015-01-01
Updated
2015-01-01
Description

Cross-site scripting (XSS) vulnerability in the manager web interface in mod_cluster before 1.3.2.Alpha1 allows remote attackers to inject arbitrary web script or HTML via a crafted MCMP message.

Tags · CWE
XSS
CWE-79
CAPEC-63
CAPEC-85
CAPEC-209
CAPEC-588
CAPEC-591
CAPEC-592
Affected products
Apache-commons-cli-eap6Apache-commons-cli-eap6Apache-commons-codec-eap6Apache-commons-codec-eap6Apache-commons-collections-eap6Apache-commons-collections-eap6Apache-commons-configuration-eap6Apache-commons-configuration-eap6Apache-commons-daemon-eap6Apache-commons-daemon-eap6Apache-commons-daemon-eap6Apache-commons-daemon-eap6Apache-commons-daemon-eap6Apache-commons-daemon-jsvc-eap6Apache-commons-daemon-jsvc-eap6Apache-commons-dbcp-eap6Apache-commons-dbcp-eap6Apache-commons-io-eap6Apache-commons-io-eap6Apache-commons-io-eap6
CVSS vector
AV:A/AC:L/Au:S/C:P/I:P/A:P
Timeline
2015-01-01
Published
2015-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: A
Adjacent Network (A)
Attack Complexity
AC: L
Low (L)
Authentication
Au: S
Single
Confidentiality Impact
C: P
Partial
Integrity Impact
I: P
Partial
Availability Impact
A: P
Partial
Exploit indicators
EPSS
0.018 · p76
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
apache-commons-cli-eap6Tracked
apache-commons-cli-eap6Tracked
apache-commons-codec-eap6Tracked
apache-commons-codec-eap6Tracked
apache-commons-collections-eap6Tracked
apache-commons-collections-eap6Tracked
apache-commons-configuration-eap6Tracked
apache-commons-configuration-eap6Tracked
apache-commons-daemon-eap6Tracked
apache-commons-daemon-eap6Tracked
apache-commons-daemon-eap6Tracked
apache-commons-daemon-eap6Tracked
apache-commons-daemon-eap6Tracked
apache-commons-daemon-jsvc-eap6Tracked
apache-commons-daemon-jsvc-eap6Tracked
apache-commons-dbcp-eap6Tracked
apache-commons-dbcp-eap6Tracked
apache-commons-io-eap6Tracked
apache-commons-io-eap6Tracked
apache-commons-io-eap6Tracked
Showing first 20 of 595
Source databases
DEB
CVE
RED