CVE-2014-3207
SKS Keyserver < 1.1.5 - Cross-Site Scripting via PATH_INFO to pks/lookup/undefined1
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
References (5)
Core References
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/67198
Exploit, Patch (x_refsource_confirm): https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724
Issue Tracking (x_refsource_misc): https://bugzilla.mozilla.org/show_bug.cgi?id=952077
Vendor Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/57965
Exploit (x_refsource_confirm): https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
Scores
EPSS: 0.0031
EPSS Percentile: 53.8%
Details
CWE: CWE-79
Status: published
Products (12)
sks_keyserver_project/sks_keyserver: 0.1.0, 0.1.1, 0.1.2, 0.1.3, 1.0.2, 1.0.3, 1.0.5, 1.1.0, 1.1.1, 1.1.2, ... and 2 more
Published: May 08, 2014
Tracked Since: Feb 18, 2026