CVE-2014-2235

Askbot <0.7.49 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 allows remote attackers to inject arbitrary web script or HTML via vectors related to the question search form.

References (5)

[Vendor Advisory] http://secunia.com/advisories/57163

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=1070852

[Exploit, Patch] https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/65885

[Mailing List] http://www.openwall.com/lists/oss-security/2014/02/28/8

Scores

EPSS 0.0029

EPSS Percentile 52.5%

Details

CWE

CWE-79

Status published

Products (2)

askbot/askbot < 0.7.48

n/a/n/a

Published Mar 05, 2014

Tracked Since Feb 18, 2026