Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2861


Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2861
Last Modified 16 Apr 2014 10:08:34
Published 15 Apr 2014 07:13:17
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE



Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string.

Vulnerable Systems


  • Paperthin Commonspot Content Server 7.0.1

  • Paperthin Commonspot Content Server 8.0.0

  • Paperthin Commonspot Content Server 8.0.1

  • Paperthin Commonspot Content Server 8.0.2


CERT-VN - VU#437385

Last Updated: 27 May 2016 11:05:00