CVE-2014-9434

Absolut Engine 1.73 - Authenticated Cross-Site Scripting via Title Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-9434.

AI-analyzed exploit summary This advisory details multiple SQL injection and reflected XSS vulnerabilities in Absolut Engine v1.73 CMS, providing specific exploit examples and technical descriptions of the vulnerabilities.

Description

Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter.

Exploits (1)

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/35670

View Code ZIP pw:eip

This advisory details multiple SQL injection and reflected XSS vulnerabilities in Absolut Engine v1.73 CMS, providing specific exploit examples and technical descriptions of the vulnerabilities.

Classification

Writeup 95%

Attack Type

Sqli | Xss

Complexity

Trivial

Reliability

Reliable

Target: Absolut Engine v1.73 CMS

Auth required

Prerequisites: Valid admin session · Access to administrative backend

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit x_refsource_misc

http://sroesemann.blogspot.de/2014/12/sroeadv-2014-08.html

Exploit mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2014/Dec/131

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/71822

Scores

EPSS 0.0156

EPSS Percentile 72.0%

Details

CWE

CWE-79

Status published

Products (1)

absolutengine/absolut_engine 1.73

Published Jan 02, 2015

Tracked Since Feb 18, 2026