XSS Vulnerability in Xcode Server Affects Mac OS X Server by Apple
CVE-2014-4406

6.1MEDIUM

Key Information:

Vendor

Apple
Status
Os X Server
Vendor
CVE Published:
19 September 2014

What is CVE-2014-4406?

A cross-site scripting vulnerability exists in Xcode Server's CoreCollaboration component, which allows remote attackers to inject arbitrary web scripts or HTML into the application. This could lead to unauthorized access to sensitive data or execution of malicious scripts within the user's session, potentially compromising the security of the affected systems.

References

http://support.apple.com/kb/HT6448
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/96047
vdb-entryx_refsource_XF
http://archives.neohapsis.com/archives/bugtraq/2014-10/01...
vendor-advisoryx_refsource_APPLE

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.