CVE-2014-3949

Published Jun 4, 2014
Last updated a month ago
CVSS info 3.5
Overview

Description: Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors.
Source: cve@mitre.org
NVD status: Deferred
Risk scores

CVSS 2.0

Type: Primary
Base score: 3.5
Impact score: 2.9
Exploitability score: 6.8
Vector string: AV:N/AC:M/Au:S/C:N/I:P/A:N
Weaknesses

nvd@nist.gov: CWE-79
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93D2F82D-F866-4E01-B5CB-97F6ABA52F38",
            "versionEndIncluding": "1.5.0"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09111685-4297-4F93-8052-318D4FD5E808"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17FDD00C-90C5-4EA2-8B72-01C9C0B95459"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13A405A9-5066-4B4B-AED6-B4734D46FDA8"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "86549BF1-84EE-49DA-AD84-567B5CB5F0D2"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:0.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AF66FBF-FEF1-4190-BAA9-A31E6D5809F7"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F92AB4BD-CC6B-46C8-8621-C2F8467B9442"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F07B3379-173D-4135-94B3-6A1B932E4E26"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B09F6A98-35CD-4A2A-A6B5-90B177921561"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1383A3D6-2643-4EA2-B326-438BB38C12B6"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C145E2A0-04BA-4BEB-A50E-4041D0D4AEF2"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1B8E5264-5E3A-45D5-8E35-26EA6BDBA06E"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "19BB9EAE-C9A1-41EA-A06D-2B5FB75DB37E"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "05ABCCE1-C176-49F0-AE28-4A318B90C64B"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07DCEDC1-1058-4281-A9C9-5B8E8170E932"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "354E43A6-9190-4C6E-A757-BAE006652834"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5366D77-F6E3-4127-A006-C29D98B80103"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "65522EE6-A402-4CAC-B260-4E6D26D838CB"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F1E45A7A-90A0-40F2-8684-C2F5A010DB81"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "77C69307-17E4-4B93-8B3C-9DB8FF4D7E20"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "595323ED-9C0A-4B3E-8ECB-F5327278FC63"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3A392163-529B-49FA-B8D5-9037ABDED2A8"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1BB3339C-1081-4822-BE24-49E84991624F"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6BEC7DB2-FE6F-4B41-BA3F-7B482ADF22C1"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E0985C30-036E-4915-BBFF-7146958C986F"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.3.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4C626CA-19BF-4BAF-B6BC-B5B70B01CA05"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB3E1B7D-2008-4226-A5A1-A3FBCD39D863"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:1.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6A669183-F816-4A0A-BD99-15B8E7080408"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:2.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE227017-1C49-48BC-B221-C6952D94317E"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3EC06E3-5DC2-4E11-BF26-52024323BE32"
          },
          {
            "criteria": "cpe:2.3:a:jo_hasenau:gridelements:2.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D9CD0BE-74DA-4112-A47F-B41E1E0325E6"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "E66C5ABA-7727-4562-A792-5E450098D520"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]
References

Sources include official advisories and independent security research.
Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References
