CVE-2014-2866
CommonSpot Content Server < 7.0.1 and 8.x < 8.0.3 - Remote Code Execution via Client-Side Access Control Bypass
Title source: llmDescription
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on client JavaScript code for access restrictions, which allows remote attackers to perform unspecified operations by modifying this code.
References (1)
Core 1
Core References
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/437385
Scores
EPSS
0.0341
EPSS Percentile
87.4%
Details
CWE
CWE-94
Status
published
Products (4)
paperthin/commonspot_content_server
8.0.0
paperthin/commonspot_content_server
8.0.1
paperthin/commonspot_content_server
8.0.2
paperthin/commonspot_content_server
< 7.0.1
Published
Apr 15, 2014
Tracked Since
Feb 18, 2026