CVE-2014-4301 - OpenCVE

Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Ajenti	Ajenti

Configuration 1 [-]

OR	cpe:2.3:a:ajenti:ajenti::::::::
	cpe:2.3:a:ajenti:ajenti:1.2.0:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.1:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.2:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.3:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.4:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.5:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.6:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.7:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.8:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.9:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.10:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.11.2:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.12:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.13:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.14:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.15:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.16:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.17:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.18:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.19:::::::*
	cpe:2.3:a:ajenti:ajenti:1.2.20:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/59177
http://www.securityfocus.com/bid/68047
https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120
https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-06-18T14:00:00

Updated: 2024-08-06T11:12:34.546Z

Reserved: 2014-06-18T00:00:00

Link: CVE-2014-4301

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-06-18T14:55:13.307

Modified: 2016-09-06T13:38:35.527

Link: CVE-2014-4301

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-06-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-06-20T13:57:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120"}, {"name": "59177", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/59177"}, {"tags": ["x_refsource_MISC"], "url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti"}, {"name": "68047", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/68047"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4301", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120", "refsource": "CONFIRM", "url": "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120"}, {"name": "59177", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/59177"}, {"name": "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti", "refsource": "MISC", "url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti"}, {"name": "68047", "refsource": "BID", "url": "http://www.securityfocus.com/bid/68047"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T11:12:34.546Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120"}, {"name": "59177", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/59177"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti"}, {"name": "68047", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/68047"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4301", "datePublished": "2014-06-18T14:00:00", "dateReserved": "2014-06-18T00:00:00", "dateUpdated": "2024-08-06T11:12:34.546Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ajenti:ajenti:*:*:*:*:*:*:*:*", "matchCriteriaId": "40A0F389-FFD9-4A3B-834D-590E82C3FA2C", "versionEndIncluding": "1.2.21", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C7B0A64A-B7C0-4C26-9D99-C62EC55E7798", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "2D993FFE-EC2F-47B8-9977-584C5A45DE72", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "0A910951-0BB7-4D81-85F6-92C33C483A8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "984A2F17-4D28-4773-A83F-D1AD9C5C3643", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A55937EB-97D4-4E14-B277-C82B1D1C15F9", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "7584CB68-1F09-4974-88E7-E0F83776AC6B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "BE69A990-4D12-4F75-85D3-D8527C1C64FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "BBD60311-4A22-4FF8-8FAB-7EF872DE3ECF", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "D8FB0745-DAFE-4A9F-A6D0-ABAF9A937F4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "13E6C3AF-15AD-4897-8A71-C05FFD94081B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "E4C7941B-9116-48C7-B529-A97DE13D64F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "EAABC566-E783-47A8-A375-5D39B6342EE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "7B5FFC25-9E65-4AC2-9036-8D6737FF98AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "D8585A18-570A-4F8A-8F25-7361AA034210", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "4EC2C47B-CAA5-4804-ABD2-4373D08457AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "A0757415-9675-4FC1-BAAC-C4ACAE92802B", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "9CD3FF52-5171-4FCB-B7F9-14401D0A0130", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "DE8B485A-4232-4232-8BC1-62201BBAF095", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "F6A18C3B-445D-4C7F-911A-BF1C5D8998E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "006EAD4D-140C-4D17-92EA-102565B61801", "vulnerable": true}, {"criteria": "cpe:2.3:a:ajenti:ajenti:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "9BA6F8FE-EF7D-4712-82E9-09E65479C993", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de XSS en la funci\u00f3n respond_error en routing.py en Eugene Pankov Ajenti anterior a 1.2.21.7 permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de PATH_INFO hacia (1) resources.js o (2) resources.css en ajenti:static/, relacionado con la p\u00e1gina traceback."}], "id": "CVE-2014-4301", "lastModified": "2016-09-06T13:38:35.527", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-06-18T14:55:13.307", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/59177"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/68047"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://www.netsparker.com/critical-xss-vulnerabilities-in-ajenti"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}