Vulnerability Description
Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-apartments-rooms/.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclassifieds | Open Classifieds 2 | <= 2.1.2 |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/archive/1/531428/100/0/threaded
- https://github.com/open-classifieds/openclassifieds2/commit/45ee8fb601a91b8a4238 (Exploit, Patch)
- https://github.com/open-classifieds/openclassifieds2/issues/556 (Exploit)
- https://www.htbridge.com/advisory/HTB23204 (Exploit)
FAQ
What is CVE-2014-2024?
CVE-2014-2024 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-a...
How severe is CVE-2014-2024?
CVE-2014-2024 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-2024?
Check the references section above for vendor advisories and patch information. Affected products include: Openclassifieds Open Classifieds 2.