Search criteria

2 vulnerabilities found for mediatrix_voip_gateway_4402_firmware by media5

CVE-2014-1612 (GCVE-0-2014-1612)

Vulnerability from nvd – Published: 2014-01-30 18:00 – Updated: 2024-08-06 09:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/530871/100… mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.kb.cert.org/vuls/id/252294 third-party-advisoryx_refsource_CERT-VN
http://packetstormsecurity.com/files/124931/Media… x_refsource_MISC
http://osvdb.org/102415 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/65108 vdb-entryx_refsource_BID
http://secunia.com/advisories/56638 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:50:09.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
          },
          {
            "name": "mediatrixwebmanagement-cve20141612-xss(90656)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
          },
          {
            "name": "VU#252294",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/252294"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html"
          },
          {
            "name": "102415",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102415"
          },
          {
            "name": "65108",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65108"
          },
          {
            "name": "56638",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56638"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
        },
        {
          "name": "mediatrixwebmanagement-cve20141612-xss(90656)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
        },
        {
          "name": "VU#252294",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/252294"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html"
        },
        {
          "name": "102415",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102415"
        },
        {
          "name": "65108",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65108"
        },
        {
          "name": "56638",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56638"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1612",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
            },
            {
              "name": "mediatrixwebmanagement-cve20141612-xss(90656)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
            },
            {
              "name": "VU#252294",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/252294"
            },
            {
              "name": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html"
            },
            {
              "name": "102415",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102415"
            },
            {
              "name": "65108",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65108"
            },
            {
              "name": "56638",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56638"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1612",
    "datePublished": "2014-01-30T18:00:00.000Z",
    "dateReserved": "2014-01-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:50:09.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-1612 (GCVE-0-2014-1612)

Vulnerability from cvelistv5 – Published: 2014-01-30 18:00 – Updated: 2024-08-06 09:50
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
http://www.securityfocus.com/archive/1/530871/100… mailing-listx_refsource_BUGTRAQ
https://exchange.xforce.ibmcloud.com/vulnerabilit… vdb-entryx_refsource_XF
http://www.kb.cert.org/vuls/id/252294 third-party-advisoryx_refsource_CERT-VN
http://packetstormsecurity.com/files/124931/Media… x_refsource_MISC
http://osvdb.org/102415 vdb-entryx_refsource_OSVDB
http://www.securityfocus.com/bid/65108 vdb-entryx_refsource_BID
http://secunia.com/advisories/56638 third-party-advisoryx_refsource_SECUNIA
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:50:09.311Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
          },
          {
            "name": "mediatrixwebmanagement-cve20141612-xss(90656)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
          },
          {
            "name": "VU#252294",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/252294"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html"
          },
          {
            "name": "102415",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102415"
          },
          {
            "name": "65108",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65108"
          },
          {
            "name": "56638",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/56638"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-01-23T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
        },
        {
          "name": "mediatrixwebmanagement-cve20141612-xss(90656)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
        },
        {
          "name": "VU#252294",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/252294"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html"
        },
        {
          "name": "102415",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102415"
        },
        {
          "name": "65108",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65108"
        },
        {
          "name": "56638",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/56638"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-1612",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site scripting (XSS) vulnerability in login.esp in the Web Management Interface in Media5 Mediatrix 4402 VoIP Gateway with firmware Dgw 1.1.13.186 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20140123 Reflected cross-site scripting (XSS) vulnerability in Mediatrix Web Management Interface login page",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/530871/100/0/threaded"
            },
            {
              "name": "mediatrixwebmanagement-cve20141612-xss(90656)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90656"
            },
            {
              "name": "VU#252294",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/252294"
            },
            {
              "name": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/124931/Mediatrix-4402-Cross-Site-Scripting.html"
            },
            {
              "name": "102415",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102415"
            },
            {
              "name": "65108",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65108"
            },
            {
              "name": "56638",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/56638"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-1612",
    "datePublished": "2014-01-30T18:00:00.000Z",
    "dateReserved": "2014-01-20T00:00:00.000Z",
    "dateUpdated": "2024-08-06T09:50:09.311Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}