IM
IronMonkey Threat Research

CVE-2015-6584 MEDIUM

Published: 2015-09-11 | Last Modified: 2026-06-17 | Status: Modified

Description

Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.

Additional Descriptions (1)

Vulnerabilidad en la función ber_get_next en libraries/liblber/io.c en OpenLDAP 2.4.42 y versiones anteriores, permite a atacantes remotos causar una denegación de servicio (aserción accesible y caída de la aplicación) a través de datos BER manipulados, según lo demostrado por un ataque contra slapd.

CVSS Metrics

Base Score: 4.3 (MEDIUM)

AV:N/AC:M/Au:N/C:N/I:P/A:N

Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactNONE
Integrity ImpactPARTIAL
Availability ImpactNONE

Source: [email protected]

Type: Primary

Exploitability Score: 8.6

Impact Score: 2.9

Weaknesses

Source Type Description
[email protected] Primary
en CWE-79

Affected Products

Vendor Product Version Update Type
sprymedia datatables * <built-in method update of dict object at 0x72a9cd0859c0> Application

Affected Configurations

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:sprymedia:datatables:*:*:*:*:*:jquery:*:*

References

Notification
Message here