CVE-2014-2236
on github
Published
Severity
CVSS v3:
N/A
CVSS v2:
4.3 MEDIUM
Description
Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.
References
- https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87
- https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29
- http://www.openwall.com/lists/oss-security/2014/02/28/8
- http://secunia.com/advisories/57163
- https://bugzilla.redhat.com/show_bug.cgi?id=1070852
- http://www.securityfocus.com/bid/65885
Configurations
| CPE23 | Version Start | Version End | Exact Version |
|---|---|---|---|
| cpe:2.3:a:askbot:askbot:0.7.44:*:*:*:*:*:*:* | n/a | n/a | 0.7.44 |
| cpe:2.3:a:askbot:askbot:0.7.42:*:*:*:*:*:*:* | n/a | n/a | 0.7.42 |
| cpe:2.3:a:askbot:askbot:0.7.46:*:*:*:*:*:*:* | n/a | n/a | 0.7.46 |
| cpe:2.3:a:askbot:askbot:0.7.47:*:*:*:*:*:*:* | n/a | n/a | 0.7.47 |
| cpe:2.3:a:askbot:askbot:0.7.41:*:*:*:*:*:*:* | n/a | n/a | 0.7.41 |
| cpe:2.3:a:askbot:askbot:*:*:*:*:*:*:*:* | n/a | 0.7.48 (including) | * |
| cpe:2.3:a:askbot:askbot:0.7.43:*:*:*:*:*:*:* | n/a | n/a | 0.7.43 |
| cpe:2.3:a:askbot:askbot:0.7.40:*:*:*:*:*:*:* | n/a | n/a | 0.7.40 |
| cpe:2.3:a:askbot:askbot:0.7.45:*:*:*:*:*:*:* | n/a | n/a | 0.7.45 |