CVE-2014-7264 in Chyrpinfo

Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin/themes/default/pages/manage_users.twig in the Users Management feature in the admin component in Chyrp before 2.5.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) user.email or (2) user.website field in a user registration.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Reservation

09/30/2014

Disclosure

12/11/2014

Entries

1

CPE

ready

CVSS

3.5

EPSS

0.00180

CTI

Very Low

Sources

MITREhttps://www.cve.org/CVERecord?id=CVE-2014-7264
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2014-7264
CVE Detailshttps://www.cvedetails.com/cve/CVE-2014-7264/

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!