CVE-2014-7200

dmmjobcontrol < 2.14.0 - Cross-Site Scripting via tx_dmmjobcontrol_pi1[search][keyword] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-7200.

AI-analyzed exploit summary The advisory details multiple vulnerabilities in the TYPO3 extension 'dmmjobcontrol' (version 2.14.0), including unauthenticated blind SQL injection and reflected XSS. It provides proof-of-concept URLs and mitigation steps but does not include functional exploit code.

Description

Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/.

Exploits (1)

exploitdb WRITEUP
webappsphp
https://www.exploit-db.com/exploits/34800

The advisory details multiple vulnerabilities in the TYPO3 extension 'dmmjobcontrol' (version 2.14.0), including unauthenticated blind SQL injection and reflected XSS. It provides proof-of-concept URLs and mitigation steps but does not include functional exploit code.

Classification
Writeup 100%
Attack Type
Sqli | Xss
Complexity
Trivial
Reliability
Reliable
Target: dmmjobcontrol (TYPO3 Extension) 2.14.0
No auth needed
Prerequisites: Access to the vulnerable TYPO3 extension endpoint
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (5)

Core 5

Scores

EPSS 0.0324
EPSS Percentile 86.7%

Details

CWE
CWE-79
Status published
Products (1)
kevin_renskers/dmmjobcontrol < 2.14.0
Published Oct 10, 2014
Tracked Since Feb 18, 2026