CVE-2014-5360: XSS
First published: Tue Feb 03 2015(Updated: )
Cross-site scripting (XSS) vulnerability in the admin interface in LANDESK Management Suite before 9.6 SP1 allows remote attackers to inject arbitrary web script or HTML via the AMTVersion parameter to remote/serverlist_grouptree.aspx.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ivanti LANDESK Management Suite | <=9.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-5360?
CVE-2014-5360 is classified as a medium severity vulnerability due to its potential for exploitation via cross-site scripting.
How do I fix CVE-2014-5360?
To remediate CVE-2014-5360, upgrade the LANDESK Management Suite to version 9.6 SP1 or later.
What impact does CVE-2014-5360 have on vulnerable systems?
CVE-2014-5360 allows remote attackers to inject arbitrary web scripts or HTML into the admin interface, compromising the security of the affected system.
Who is affected by CVE-2014-5360?
CVE-2014-5360 affects users of the LANDESK Management Suite version 9.6 and earlier.
Can I exploit CVE-2014-5360 for phishing attacks?
Yes, CVE-2014-5360 could be exploited in phishing attacks by injecting malicious scripts into the admin interface.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/weakness
- vendor/landesk
- canonical/ivanti landesk management suite
- version/ivanti landesk management suite/9.6