{"cve":{"cve_id":"CVE-2014-0772","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.01448,"epss_percentile":0.69912,"epss_as_of":"2026-06-23","description":"The BWOCXRUN.BwocxrunCtrl.1 control contains a method named \nOpenUrlToBufferTimeout. This method takes a URL as a parameter and \nreturns its contents to the caller in JavaScript. The URLs are accessed \nin the security context of the current browser session. The control does\n not perform any URL validation and allows file:// URLs that access the \nlocal disk.\n\n\nThe method can be used to open a URL (including file URLs) and read \nthe URLs through JavaScript. This method could also be used to reach any\n arbitrary URL to which the browser has access.","published_at":"2014-04-12T01:00:00Z","last_modified_at":null,"cvss_v3_score":null,"cvss_v3_vector":null,"cvss_v3_severity":null,"cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-538"],"nvd_references":["https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03","http://www.securityfocus.com/bid/66740","http://webaccess.advantech.com/"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:07:06.086468Z"},"effective_severity":null,"badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":null,"metrics":[]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"webaccess","product_name":"WebAccess","version_start":"0","version_start_inclusive":true,"version_end":"7.1","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:webaccess:0:7.1"},{"vendor_slug":"advantech","vendor_name":"Advantech","product_slug":"webaccess","product_name":"WebAccess","version_start":"7.2","version_start_inclusive":true,"version_end":"7.2","version_end_inclusive":true,"cpe23_uri":"cve5:advantech:webaccess:7.2:7.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://www.cisa.gov/news-events/ics-advisories/icsa-14-079-03","source_type":"VENDOR_ADVISORY","tags":["advisory"]},{"url":"http://www.securityfocus.com/bid/66740","source_type":"MISC","tags":[]},{"url":"http://webaccess.advantech.com/","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2014-04-12T01:00:00Z","label":"CVE published","source":null}]}