CVE-2014-5348: XSS
First published: Tue Aug 19 2014(Updated: )
Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Riverbed SteelApp Traffic Manager | =9.6-9620140312 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2014-5348?
CVE-2014-5348 is classified as a medium severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2014-5348?
To fix CVE-2014-5348, it is recommended to upgrade to a patched version of Riverbed SteelApp Traffic Manager beyond 9.6 patchlevel 9620140312.
What is the impact of exploiting CVE-2014-5348?
Exploiting CVE-2014-5348 allows attackers to inject arbitrary web scripts or HTML, potentially compromising user sessions or defacing web content.
Which version of Riverbed SteelApp Traffic Manager is affected by CVE-2014-5348?
CVE-2014-5348 affects Riverbed SteelApp Traffic Manager version 9.6 patchlevel 9620140312.
Is CVE-2014-5348 found in any other software versions?
CVE-2014-5348 is specifically associated with Riverbed SteelApp Traffic Manager 9.6 and does not affect other versions.
- agent/type
- agent/references
- agent/softwarecombine
- agent/author
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/riverbed
- canonical/riverbed steelapp traffic manager
- version/riverbed steelapp traffic manager/9.6-9620140312