{"cve":{"cve_id":"CVE-2014-0771","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01409,"epss_percentile":0.69156,"epss_as_of":"2026-06-23","description":"The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \n“OpenUrlToBuffer.” This method takes a URL as a parameter and returns \nits contents to the caller in JavaScript. The URLs are accessed in the \nsecurity context of the current browser session. The control does not \nperform any URL validation and allows “file://” URLs that access the \nlocal disk.\n\n\nThe method can be used to open a URL (including file URLs) and read \nfile URLs through JavaScript. This method could also be used to reach \nany arbitrary URL to which the browser has access.","published_at":"2014-04-12T01:00:00Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-538"],"nvd_references":["https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03","http://www.securityfocus.com/bid/66740","http://webaccess.advantech.com/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:07:06.086468Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"webaccess","product_name":"WebAccess","version_start":"0","version_start_inclusive":true,"version_end":"7.1","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:webaccess:0:7.1"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"webaccess","product_name":"WebAccess","version_start":"7.2","version_start_inclusive":true,"version_end":"7.2","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:webaccess:7.2:7.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://www.securityfocus.com/bid/66740","source_type":"MISC","tags":[]},{"url":"http://webaccess.advantech.com/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2014-04-12T01:00:00Z","label":"CVE published","source":null}]}