CVE-2015-4714 - OpenCVE

Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S allows remote attackers to inject arbitrary web script or HTML via the mode parameter to /body.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Dream-multimedia-tv	Dreambox Dm500-s Firmware Dreambox Dm500-s

Configuration 1 [-]

AND

cpe:2.3:o:dream-multimedia-tv:dreambox_dm500-s_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:dream-multimedia-tv:dreambox_dm500-s:*:*:*:*:*:*:*:*

References

Link	Resource
http://packetstormsecurity.com/files/132214/DreamBox-DM500s-Cross-Site-Scripting.html	Exploit
http://www.securityfocus.com/bid/75388

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-06-22T18:00:00

Updated: 2016-12-05T20:57:01

Reserved: 2015-06-22T00:00:00

Link: CVE-2015-4714

JSON object: View

NVD Information

Status : Modified

Published: 2015-06-22T18:59:02.120

Modified: 2016-12-07T18:13:58.670

Link: CVE-2015-4714

JSON object: View

Redhat Information

No data.

CWE

CWE-79