CVE-2014-3974

AuraCMS <3.0 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mustafa ALTINKAYNAK · textwebappsphp

https://www.exploit-db.com/exploits/33555

View Code ZIP pw:eip

References (5)

[Exploit] http://bot24.blogspot.com/2014/05/auracms-30-cross-site-scripting-local.html

[Third Party Advisory, VDB Entry] http://osvdb.org/show/osvdb/107554

[Exploit] http://packetstormsecurity.com/files/126843/AuraCMS-3.0-Cross-Site-Scripting-Local-File-Inclusion.html

[Third Party Advisory] http://secunia.com/advisories/58850

[Exploit] http://www.exploit-db.com/exploits/33555

Scores

EPSS 0.0471

EPSS Percentile 89.3%

Details

CWE

CWE-79

Status published

Products (2)

auracms/auracms < 3.0

n/a/n/a

Published Jun 05, 2014

Tracked Since Feb 18, 2026