Home > Vulnerability Database > CVE-2015-2745

Mend.io Vulnerability Database

CVE-2015-2745

Good to know:

Date: August 7, 2015

Multiple cross-site scripting (XSS) vulnerabilities in the Search app in Gaia in Mozilla Firefox OS before 2.2 allow remote attackers to inject arbitrary HTML via the (1) name or (2) title field in card content associated with a search link that is mishandled after a HOME button press or a Show Windows action, as demonstrated by embedding an arbitrary application or spoofing the account-creation page.

Language: JS

Severity Score

3.7

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-2745

Url: https://github.com/mozilla-b2g/gaia/commit/0f72a8c31df9f3d8f609a7c58ca91139051d44eb

Url: https://bugzilla.mozilla.org/show_bug.cgi?id=1101158

Url: http://www.mozilla.org/security/announce/2015/mfsa2015-73.html

Url: https://www.mend.io/vulnerability-database/CVE-2015-2745

Severity Score

3.7

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-2745

Good to know:

Date: August 7, 2015

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?