Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2014-2024
Last Modified 25 Mar 2014 08:43:57
Published 14 Mar 2014 10:55:04
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2024

Summary

Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.

Vulnerable Systems

Application

  • Openclassifieds Open Classifieds 2 2.0

  • Openclassifieds Open Classifieds 2 2.0.1

  • Openclassifieds Open Classifieds 2 2.0.2

  • Openclassifieds Open Classifieds 2 2.0.3

  • Openclassifieds Open Classifieds 2 2.0.4

  • Openclassifieds Open Classifieds 2 2.0.5

  • Openclassifieds Open Classifieds 2 2.0.6

  • Openclassifieds Open Classifieds 2 2.0.7

  • Openclassifieds Open Classifieds 2 2.0.8

  • Openclassifieds Open Classifieds 2 2.1

  • Openclassifieds Open Classifieds 2 2.1.1

  • Openclassifieds Open Classifieds 2 2.1.2


References

MISC - https://www.htbridge.com/advisory/HTB23204

BUGTRAQ - 20140312 Cross-Site Scripting (XSS) in Open Classifieds

CONFIRM - https://github.com/open-classifieds/openclassifieds2/issues/556

CONFIRM - https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238229580a32a4fd8d96ef9


Last Updated: 27 May 2016 11:04:38