Vulnerability Description
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ulli Horlacher | Fex | <= 20140313 |
References
- http://fex.rus.uni-stuttgart.de/fex.html (Patch)
- http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitt (Exploit)
- https://www.lsexperts.de/advisories/lse-2014-05-22.txt (Exploit)
FAQ
What is CVE-2014-3877?
CVE-2014-3877 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup...
How severe is CVE-2014-3877?
CVE-2014-3877 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3877?
Check the references section above for vendor advisories and patch information. Affected products include: Ulli Horlacher Fex.