[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVE-2014-8732

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: CVE-2014-8732
From: cert@xxxxxxxxx
Date: Wed, 12 Nov 2014 09:27:11 GMT

CVE-2014-8732
CVSSv2 Vector:
[AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C]
CVSSv2 Base Score=7.5
CVSSv2 Temp Score=7.5
OWASP Top 10 classification: A3 - Cross Site Scripting

There is a stored xss vulnerability in phpMemcachedAdmin. Most of the 
user-specified input fields which are displayed on several pages of the 
application aren't properly escaped (lack of output enconding).

All versions prior and including the current version 1.2.2 are affected as far 
as we know.

Prev by Date: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2
Next by Date: Prey Anti-Theft for Android missing SSL certificate validation [STIC-2014-0731]
Previous by thread: Re: CVE-2014-8731 - RCE in phpMemcachedAdmin <=1.2.2
Next by thread: Re: CVE-2014-8732
Index(es):
- Date
- Thread