Unrated severityNVD Advisory· Published Aug 19, 2014· Updated May 6, 2026

CVE-2014-5348

Description

Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in Riverbed Stingray (aka SteelApp) Traffic Manager Virtual Appliance 9.6 patchlevel 9620140312 allows remote attackers to inject arbitrary web script or HTML via the logfile parameter.

Affected products

Riverbed/Steelapp Traffic Manager
cpe:2.3:a:riverbed:steelapp_traffic_manager:9.6:9620140312:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

seclists.org/fulldisclosure/2014/Aug/41nvdExploit
www.securityfocus.com/bid/69243nvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000