PT-2014-7837 · Unknown · Bassmaster
Jarda Kotesovec +1 · Published 2014-10-08 · Updated 2019-07-16
CVE-2014-7205
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
bassmaster versions prior to 1.5.2
Description
The issue allows remote attackers to execute arbitrary JavaScript code via unspecified vectors, due to an eval injection vulnerability in the internals.batch function in lib/batch.js. Affected versions of bassmaster let an attacker supply arbitrary JavaScript that is then executed server-side via eval.
Recommendations
For versions prior to 1.5.2, update to bassmaster version 1.5.2 or greater.
Code Injection
Weakness Enumeration
Related Identifiers
Affected Products
Bassmaster