CVE-2014-9606
MEDIUM NUCLEI
Netsweeper <3.1.10, 4.0.x <4.0.9, 4.1.x <4.1.2 - XSS
Title source: llm
Exploitation Summary
CVE-2014-9606 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
Multiple cross-site scripting (XSS) vulnerabilities in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) server parameter to remotereporter/load_logfiles.php, (2) customctid parameter to webadmin/policy/category_table_ajax.php, (3) urllist parameter to webadmin/alert/alert.php, (4) QUERY_STRING to webadmin/ajaxfilemanager/ajax_get_file_listing.php, or (5) PATH_INFO to webadmin/policy/policy_table_ajax.php/.
Nuclei Templates (1)
Netsweeper 4.0.8 - Cross-Site Scripting
MEDIUM
by daffainfo
References (1)
Core References
Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/133034/Netsweeper-Bypass-XSS-Redirection-SQL-Injection-Execution.html
Scores
CVSS v3
6.1
EPSS
0.0941
EPSS Percentile
93.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
netsweeper/netsweeper
< 3.1.10
Published
Feb 19, 2020
Tracked Since
Feb 18, 2026