CVE-2014-4406
MEDIUMApple OS X Server <3.2.1 - XSS
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References (8)
Scores
CVSS v3
6.1
EPSS
0.0057
EPSS Percentile
68.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Classification
CWE
CWE-79
Status
draft
Affected Products (13)
apple/os_x_server
< 3.1.2
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
apple/os_x_server
Timeline
Published
Sep 19, 2014
Tracked Since
Feb 18, 2026