CVE-2014-5193

Sphider - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mike Manzotti · textwebappsphp

https://www.exploit-db.com/exploits/34189

View Code ZIP pw:eip

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/109800

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/show/osvdb/109799

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/34189

Scores

EPSS 0.0268

EPSS Percentile 85.9%

Details

CWE

CWE-79

Status published

Products (1)

sphider/sphider 1.3.6

Published Aug 07, 2014

Tracked Since Feb 18, 2026