CVE-2014-3433

{"id": "CVE-2014-3433", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2014-06-27T14:55:05.453", "references": [{"url": "http://www.securityfocus.com/bid/68161", "source": "secure@symantec.com"}, {"url": "http://www.securitytracker.com/id/1030472", "source": "secure@symantec.com"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00", "tags": ["Vendor Advisory"], "source": "secure@symantec.com"}, {"url": "http://www.securityfocus.com/bid/68161", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id/1030472", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20140625_00", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified form field, related to an \"HTML script injection\" issue."}, {"lang": "es", "value": "Vulnerabilidad de XSS en la consola de gesti\u00f3n en Symantec Data Insight 3.x y 4.x anterior a 4.5 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un campo de formulario no especificado, relacionado con un problema de 'inyecci\u00f3n de secuencias de comandos HTML'."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:symantec:data_insight:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "334B28BA-0D47-49E2-AB44-737CFBF23DBD"}, {"criteria": "cpe:2.3:a:symantec:data_insight:3.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25FC84BA-9BF1-47A7-89A9-280BE29FEC74"}, {"criteria": "cpe:2.3:a:symantec:data_insight:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4668FCAF-25F1-457B-A53E-54615B14C398"}], "operator": "OR"}]}], "sourceIdentifier": "secure@symantec.com"}