CVE-2014-10078

MEDIUM

Vembu StoreGrid 4.4.x - Cross-Site Scripting in Registration Failure/Success Pages

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-10078. PoCs published by Gionathan Reale.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Vembu Storegrid Web Interface 4.4.0, including information disclosure and reflected XSS. It does not contain executable exploit code but outlines attack vectors.

Description

Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.

Exploits (1)

exploitdb WRITEUP
by Gionathan Reale · textwebappsphp
https://www.exploit-db.com/exploits/46549

The provided text describes multiple vulnerabilities in Vembu Storegrid Web Interface 4.4.0, including information disclosure and reflected XSS. It does not contain executable exploit code but outlines attack vectors.

Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Vembu Storegrid Web Interface 4.4.0
No auth needed
Prerequisites: Network access to the target web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/46549/
Exploit, Third Party Advisory x_refsource_misc
https://cxsecurity.com/issue/WLB-2018120091
Mailing List, Third Party Advisory x_refsource_misc
https://seclists.org/fulldisclosure/2014/Aug/8

Scores

CVSS v3 6.1
EPSS 0.0325
EPSS Percentile 86.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
vembu/storegrid 4.4
Published Feb 23, 2019
Tracked Since Feb 18, 2026