Strix
26.1K

CVE-2014-3960

UnknownEPSS 1.78%

Last modified

CVE-2014-3960 is a vulnerability of currently unknown severity. Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.. EPSS estimates a 1.78% chance of exploitation in the next 30 days.

Description

Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Metrics

EPSS Probability
1.78%

75.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
OpennmsOpennms<= 1.12.6
OpennmsOpennms1.9.0
OpennmsOpennms1.9.1
OpennmsOpennms1.9.2
OpennmsOpennms1.9.3
OpennmsOpennms1.9.4
OpennmsOpennms1.9.5
OpennmsOpennms1.9.6
OpennmsOpennms1.9.7
OpennmsOpennms1.9.8
OpennmsOpennms1.9.90
OpennmsOpennms1.9.91
OpennmsOpennms1.9.92
OpennmsOpennms1.9.93
OpennmsOpennms1.10.0
OpennmsOpennms1.10.1
OpennmsOpennms1.10.2
OpennmsOpennms1.10.3
OpennmsOpennms1.10.4
OpennmsOpennms1.10.5
OpennmsOpennms1.10.6
OpennmsOpennms1.10.7
OpennmsOpennms1.10.8
OpennmsOpennms1.10.9
OpennmsOpennms1.10.10
OpennmsOpennms1.10.11
OpennmsOpennms1.10.12
OpennmsOpennms1.10.13
OpennmsOpennms1.10.14
OpennmsOpennms1.11.0
OpennmsOpennms1.11.1
OpennmsOpennms1.11.2
OpennmsOpennms1.11.3
OpennmsOpennms1.11.90
OpennmsOpennms1.11.91
OpennmsOpennms1.11.92
OpennmsOpennms1.11.93
OpennmsOpennms1.11.94
OpennmsOpennms1.12.0
OpennmsOpennms1.12.1
OpennmsOpennms1.12.2
OpennmsOpennms1.12.3
OpennmsOpennms1.12.4
OpennmsOpennms1.12.5

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2014-3960?
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
How severe is CVE-2014-3960?
Severity scoring for CVE-2014-3960 is pending analysis. The EPSS model estimates a 1.78% probability of exploitation in the next 30 days.
How do I fix CVE-2014-3960?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2014-3960?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST