CVE-2014-7850
Description
Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x before 4.1.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to breadcrumb navigation.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:H
EPSS Score
Exploitation Probability
0.361
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Bind-dyndb-ldap update (ELSA-2024-3044) bind-dyndb-ldap-11.6-4.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux |
| Custodia update (ELSA-2024-3044) custodia-0.6.0-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Ipa-client update (ELSA-2024-3044) ipa-client-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Ipa-client update (ELSA-2024-3044) ipa-client-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux |
| Ipa-client-common update (ELSA-2024-3044) ipa-client-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-client-common update (ELSA-2024-3044) ipa-client-common-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Ipa-client-epn update (ELSA-2024-3044) ipa-client-epn-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Ipa-client-epn update (ELSA-2024-3044) ipa-client-epn-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux |
| Ipa-client-samba update (ELSA-2024-3044) ipa-client-samba-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Ipa-client-samba update (ELSA-2024-3044) ipa-client-samba-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.x86_64.rpm | Linux |
| Ipa-common update (ELSA-2024-3044) ipa-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-common update (ELSA-2024-3044) ipa-common-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Ipa-healthcheck update (ELSA-2024-3044) ipa-healthcheck-0.12-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Ipa-healthcheck-core update (ELSA-2024-3044) ipa-healthcheck-core-0.12-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Ipa-healthcheck-core update (ELSA-2024-3044) ipa-healthcheck-core-0.12-3.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Ipa-python-compat update (ELSA-2024-3044) ipa-python-compat-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-python-compat update (ELSA-2024-3044) ipa-python-compat-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Ipa-selinux update (ELSA-2024-3044) ipa-selinux-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-selinux update (ELSA-2024-3044) ipa-selinux-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Ipa-server update (ELSA-2024-3044) ipa-server-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Ipa-server-common update (ELSA-2024-3044) ipa-server-common-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-server-dns update (ELSA-2024-3044) ipa-server-dns-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Ipa-server-trust-ad update (ELSA-2024-3044) ipa-server-trust-ad-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.x86_64.rpm | Linux |
| Opendnssec update (ELSA-2024-3044) opendnssec-2.1.7-1.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux |
| Python3-custodia update (ELSA-2024-3044) python3-custodia-0.6.0-3.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-ipaclient update (ELSA-2024-3044) python3-ipaclient-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Python3-ipaclient update (ELSA-2024-3044) python3-ipaclient-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Python3-ipalib update (ELSA-2024-3044) python3-ipalib-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Python3-ipalib update (ELSA-2024-3044) python3-ipalib-4.9.13-8.0.1.module+el8.10.0+90332+38aded3e.noarch.rpm | Linux |
| Python3-ipaserver update (ELSA-2024-3044) python3-ipaserver-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Python3-ipatests update (ELSA-2024-3044) python3-ipatests-4.9.13-8.0.1.module+el8.10.0+90331+72067d32.noarch.rpm | Linux |
| Python3-jwcrypto update (ELSA-2024-3044) python3-jwcrypto-0.5.0-1.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-jwcrypto update (ELSA-2024-3044) python3-jwcrypto-0.5.0-1.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Python3-kdcproxy update (ELSA-2024-3044) python3-kdcproxy-0.4-5.module+el8.9.0+90122+3305dc1d.noarch.rpm | Linux |
| Python3-pyusb update (ELSA-2024-3044) python3-pyusb-1.0.0-9.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-pyusb update (ELSA-2024-3044) python3-pyusb-1.0.0-9.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Python3-qrcode update (ELSA-2024-3044) python3-qrcode-5.1-12.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-qrcode update (ELSA-2024-3044) python3-qrcode-5.1-12.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Python3-qrcode-core update (ELSA-2024-3044) python3-qrcode-core-5.1-12.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-qrcode-core update (ELSA-2024-3044) python3-qrcode-core-5.1-12.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Python3-yubico update (ELSA-2024-3044) python3-yubico-1.3.2-9.1.module+el8.9.0+90094+20819f5a.noarch.rpm | Linux |
| Python3-yubico update (ELSA-2024-3044) python3-yubico-1.3.2-9.1.module+el8.9.0+90095+d672673c.noarch.rpm | Linux |
| Slapi-nis update (ELSA-2024-3044) slapi-nis-0.60.0-4.module+el8.10.0+90297+bfe93ccc.x86_64.rpm | Linux |
| Softhsm update (ELSA-2024-3044) softhsm-2.6.0-5.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux |
| Softhsm-devel update (ELSA-2024-3044) softhsm-devel-2.6.0-5.module+el8.9.0+90094+20819f5a.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234