CVE-2014-5348
https://notcve.org/view.php?id=CVE-2014-5348
Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter. Vulnerabilidad de XSS en apps/zxtm/locallog.cgi en Riverbed Stingray (también conocido como SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través del parámetro logfile. • http://seclists.org/fulldisclosure/2014/Aug/41 http://www.securityfocus.com/bid/69243 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •