Vulnerability Description
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to main/messages/view_message.php.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dokeos Project | Dokeos | 2.1.1 |
Related Weaknesses (CWE)
References
- http://seclists.org/oss-sec/2014/q1/258Exploit
- http://seclists.org/oss-sec/2014/q1/286
- http://www.securityfocus.com/bid/65416
- http://www.xchg.info/?p=381Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91295
- http://seclists.org/oss-sec/2014/q1/258Exploit
- http://seclists.org/oss-sec/2014/q1/286
- http://www.securityfocus.com/bid/65416
- http://www.xchg.info/?p=381Exploit
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91295
FAQ
What is CVE-2014-1877?
CVE-2014-1877 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) ...
How severe is CVE-2014-1877?
CVE-2014-1877 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1877?
Check the references section above for vendor advisories and patch information. Affected products include: Dokeos Project Dokeos.