Tags
0-day, Application Exploit, browser, Computer Science, Computer Security, cyber-security, Database Tech, Hacker Research, Information Security, Internet Testing, IT Security, IT Technology, PHP Code, Scripting Programming, vulnerability, Web Development, Web Flaw, Web Security, Website Bug, white-hat
CVE-2014-7290 Atlas Systems Aeon XSS (Cross-Site Scripting) Security Vulnerability
Exploit Title: Atlas Systems Aeon XSS Vulnerability
Product: Aeon
Vendor: Atlas Systems
Vulnerable Versions: 3.6 3.5
Tested Version: 3.6
Advisory Publication: Nov 12, 2014
Latest Update: Nov 12, 2014
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-7290
Solution Status: Fixed by Vendor
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)
Impact Subscore: 2.9
Exploitability Subscore: 8.6
Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore]