CVSS: 6.8EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4188
https://notcve.org/view.php?id=CVE-2014-4188
Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Vulnerabilidad de CSRF en Hitachi Tuning Manager anterior a 7.6.1-06 y 8.x anterior a 8.0.0-04 y JP1/Performance Management - Manager Web Option 07-00 hasta 07-54 permite a atacantes remotos secuestrar la autenticación de victimas no especificadas a través de vectores desconocidos. • http://secunia.com/advisories/58528 http://secunia.com/advisories/58899 http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html http://www.securityfocus.com/bid/68015 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 13EXPL: 0CVE-2014-4189
https://notcve.org/view.php?id=CVE-2014-4189
Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager before 7.6.1-06 and 8.x before 8.0.0-04 and JP1/Performance Management - Manager Web Option 07-00 through 07-54 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de XSS en Hitachi Tuning Manager anterior a 7.6.1-06 y 8.x anterior a 8.0.0-04 y JP1/Performance Management - Manager Web Option 07-00 hasta 07-54 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/58528 http://secunia.com/advisories/58899 http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-013/index.html http://www.securityfocus.com/bid/68015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •