CVE-2014-6420
MEDIUM
Livefyre LiveComments 3.0 - Stored Cross-Site Scripting via Uploaded Picture Name
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2014-6420. PoCs published by Brij Kishore Mishra.
AI-analyzed exploit summary
The public exploit is a writeup describing a stored XSS vulnerability in the Livefyre LiveComments Plugin v3.0. The exploit involves intercepting the image upload and modifying the 'name' variable to inject an XSS payload, which executes when the comment is posted.
Description
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N