CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

Computer & Web Vulnerabilities

_59016966_hacking

CVE-2014-8490 TennisConnect COMPONENTS System XSS (Cross-Site Scripting) Security Vulnerability

Exploit Title: TennisConnect “TennisConnect COMPONENTS System” /index.cfm pid Parameter XSS

Product: TennisConnect COMPONENTS System

Vendor: TennisConnect

Vulnerable Versions: 9.927

Tested Version: 9.927

Advisory Publication: Nov 18, 2014

Latest Update: Nov 18, 2014

Vulnerability Type: Cross-Site Scripting [CWE-79]

CVE Reference: CVE-2014-8490

CVSS Severity (version 2.0):

CVSS v2 Base Score: 4.3 (MEDIUM) (AV:N/AC:M/Au:N/C:N/I:P/A:N) (legend)

Impact Subscore: 2.9

Exploitability Subscore: 8.6

Credit: Wang Jing [CCRG, Nanyang Technological University, Singapore]

Advisory Details:

(1) Vendor URL:

http://www.tennisconnect.com/products.cfm#Components

Product Description:

TennisConnect COMPONENTS

* Contact Manager (online player database)

* Interactive Calendar including online enrollment

* League & Ladder Management through Tencap Tennis

* Group Email (including distribution lists, player reports, unlimited sending volume and frequency)

* Multi-Administrator / security system with Page Groups

* Member Administration

* MobileBuilder

* Online Tennis Court Scheduler

* Player Matching (Find-a-Game)

* Web Site Builder (hosted web site and editing tools…

View original post 48 more words

Advertisements

About essaybeans

Getting realistic and idealistic at the same time.
This entry was posted in Computer & Web Technology. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s