CVE-2014-2236
askbot < 0.7.49 - Cross-Site Scripting via Tag or User Search Forms
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/57163
Exploit, Patch x_refsource_confirm
https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/65885
Exploit, Patch x_refsource_confirm
https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1070852
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2014/02/28/8
Scores
EPSS
0.0209
EPSS Percentile
79.3%
Details
CWE
CWE-79
Status
published
Products (9)
askbot/askbot
0.7.40
askbot/askbot
0.7.41
askbot/askbot
0.7.42
askbot/askbot
0.7.43
askbot/askbot
0.7.44
askbot/askbot
0.7.45
askbot/askbot
0.7.46
askbot/askbot
0.7.47
askbot/askbot
< 0.7.48
Published
Mar 05, 2014
Tracked Since
Feb 18, 2026