CVE-2014-1403

Easyxdm < 2.4.18 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.

References (8)

[Exploit] http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html

[Third Party Advisory, VDB Entry] http://osvdb.org/102803

[Exploit] http://seclists.org/fulldisclosure/2014/Feb/5

[Vendor Advisory] http://secunia.com/advisories/56634

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65291

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/90876

[Exploit, Patch] https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db

[Patch, Vendor Advisory] https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19

Scores

EPSS 0.0080

EPSS Percentile 73.9%

Details

CWE

CWE-79

Status published

Products (11)

easyxdm/easyxdm < 2.4.18

easyxdm/easyxdm

... and 1 more

Published Feb 05, 2014

Tracked Since Feb 18, 2026