{"api_version":"1","generated_at":"2026-04-23T01:31:51+00:00","cve":"CVE-2014-7852","urls":{"html":"https://cve.report/CVE-2014-7852","api":"https://cve.report/api/cve/CVE-2014-7852.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2014-7852","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2014-7852"},"summary":{"title":"CVE-2014-7852","description":"Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2014-12-11 15:59:00","updated_at":"2017-01-03 02:59:00"},"problem_types":["CWE-79"],"metrics":[],"references":[{"url":"http://rhn.redhat.com/errata/RHSA-2014-1973.html","name":"RHSA-2014:1973","refsource":"REDHAT","tags":["Vendor Advisory"],"title":"Red Hat Customer Portal","mime":"text/html","httpstatus":"-1","archivestatus":"200"},{"url":"http://www.securitytracker.com/id/1031363","name":"1031363","refsource":"SECTRACK","tags":[],"title":"JBoss Portal Input Validation Flaw Permits Cross-Site Scripting Attacks - SecurityTracker","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2014-7852","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-7852","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2014","cve_id":"7852","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"6.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2014","cve_id":"7852","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"jboss_enterprise_portal_platform","cpe6":"6.1.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2014-7852","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_affected":"=","version_value":"n/a"}]}}]}}]}},"references":{"reference_data":[{"url":"http://rhn.redhat.com/errata/RHSA-2014-1973.html","refsource":"MISC","name":"http://rhn.redhat.com/errata/RHSA-2014-1973.html"},{"url":"http://www.securitytracker.com/id/1031363","refsource":"MISC","name":"http://www.securitytracker.com/id/1031363"}]}},"nvd":{"publishedDate":"2014-12-11 15:59:00","lastModifiedDate":"2017-01-03 02:59:00","problem_types":["CWE-79"],"metrics":{"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:N/I:P/A:N","accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE","baseScore":4.3},"severity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:jboss_enterprise_portal_platform:6.1.1:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2014","CveId":"7852","Ordinal":"74872","Title":"CVE-2014-7852","CVE":"CVE-2014-7852","Year":"2014"},"notes":[{"CveYear":"2014","CveId":"7852","Ordinal":"1","NoteData":"Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used in JBoss Portal 6.1.1, allows remote attackers to inject arbitrary web script or HTML via crafted URL, which is not properly handled in a CSS file.","Type":"Description","Title":null},{"CveYear":"2014","CveId":"7852","Ordinal":"2","NoteData":"2014-12-11","Type":"Other","Title":"Published"},{"CveYear":"2014","CveId":"7852","Ordinal":"3","NoteData":"2016-12-30","Type":"Other","Title":"Modified"}]}}}