CVE-2014-9405

CVE-2014-9405

EPSS 1.5%

A Cross-Site Scripting (XSS) vulnerability exists in the description field of an Download RSS item or Contacts in Freebox OS Web interface 3.0.2, which allows malicious users to execute arbitrary code.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://packetstormsecurity.com/files/132121/FreeBox-3.0.2-Cross-Site-Request-Forgery-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2015/Jun/1 http://www.securityfocus.com/archive/1/535660/100/0/threaded http://www.securityfocus.com/bid/74936