National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

CVE-2014-3884 Detail

Description

Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924.

Source:  MITRE
Description Last Modified:  07/20/2014

Impact

CVSS v2.0 Severity and Metrics:

Base Score: 4.3 MEDIUM
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N) (V2 legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6


Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (AU): None
Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Additional Information:
Victim must voluntarily interact with attack mechanism
Allows unauthorized modification

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

Hyperlink Resource
http://jvn.jp/en/jp/JVN92737498/index.html Vendor Advisory
http://jvndb.jvn.jp/jvndb/JVNDB-2014-000058 Vendor Advisory

Technical Details

Vulnerability Type (View All)

  • Cross-Site Scripting (XSS) (CWE-79)

Known Affected Software Configurations Switch to CPE 2.3

Configuration 1 ( hide )
 cpe:/a:webmin:usermin:0.4
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.5
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.6
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.7
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.80
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.90
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.910
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.929
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.930
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.940
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.950
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.960
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.970
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.980
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:0.990
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.000
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.010
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.020
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.030
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.040
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.050
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.051
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.060
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.070
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.080
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.090
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.100
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.110
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.120
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.130
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.140
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.150
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.160
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.170
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.180
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.190
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.200
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.210
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.220
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.230
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.240
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.250
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.260
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.270
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.280
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.290
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.300
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.310
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.320
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.330
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.340
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.350
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.360
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.370
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.380
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.390
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.400
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.410
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.420
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.430
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.440
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.450
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.460
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.470
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.480
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.490
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.500
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.510
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.520
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.530
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.540
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.550
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.560
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.570
     Show Matching CPE(s)
 cpe:/a:webmin:usermin:1.580
     Show Matching CPE(s)
 cpe:/a:webmin:usermin
     Show Matching CPE(s)
Up to (including)
1.590


Change History

1 change record found - show changes

Quick Info

CVE Dictionary Entry:
CVE-2014-3884
NVD Published Date:
07/20/2014
NVD Last Modified:
07/22/2014