CVE-2014-8917

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Múltiples vulnerabilidades de XSS en (1) dojox/form/resources/uploader.swf (también conocido como upload.swf), (2) dojox/form/resources/fileuploader.swf (también conocido como fileupload.swf), (3) dojox/av/resources/audio.swf, y (4) dojox/av/resources/video.swf en el juego de herramientas de IBM Dojo, utilizado en IBM Social Media Analytics 1.3 anterior a IF11 y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-11-14 CVE Reserved
2015-01-28 CVE Published
2024-08-06 CVE Updated
2024-09-09 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (7)

URL	Tag	Source
http://secunia.com/advisories/62590	Third Party Advisory
http://secunia.com/advisories/62837	Third Party Advisory
http://www.securityfocus.com/bid/72903	Vdb Entry
http://www.securitytracker.com/id/1032376	Vdb Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/99303	Vdb Entry

URL	Date	SRC

URL	Date	SRC
http://www-01.ibm.com/support/docview.wss?uid=swg21694693	2017-09-08

URL	Date	SRC
http://www-01.ibm.com/support/docview.wss?uid=swg21696013	2017-09-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ibm Search vendor "Ibm"		Social Media Analytics Search vendor "Ibm" for product "Social Media Analytics"				<= 1.3.0.0 Search vendor "Ibm" for product "Social Media Analytics" and version " <= 1.3.0.0"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.0.0.0 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.0.0.1 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.0.0.1"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.0.0.2 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.0.0.2"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.0.0.3 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.0.0.3"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.1.0.0 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.1.0.0"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.1.0.1 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.1.0.1"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.1.0.2 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.1.0.2"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.1.1.0 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.1.1.0"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				2.1.1.1 Search vendor "Ibm" for product "Financial Transaction Manager" and version "2.1.1.1"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager Search vendor "Ibm" for product "Financial Transaction Manager"				3.0.0.0 Search vendor "Ibm" for product "Financial Transaction Manager" and version "3.0.0.0"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager For Check Services Search vendor "Ibm" for product "Financial Transaction Manager For Check Services"				2.1.1.8 Search vendor "Ibm" for product "Financial Transaction Manager For Check Services" and version "2.1.1.8"		-		Affected
Ibm Search vendor "Ibm"		Financial Transaction Manager For Corporate Payment Services Search vendor "Ibm" for product "Financial Transaction Manager For Corporate Payment Services"				2.1.1.0 Search vendor "Ibm" for product "Financial Transaction Manager For Corporate Payment Services" and version "2.1.1.0"		-		Affected