CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2014-1224

Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attacks via the oninput event handler in the fname parameter to the default URI in /reg.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 53.6%

CVSS Severity

CVSS v2 Score 4.3

References

http://seclists.org/fulldisclosure/2014/Mar/389
http://secunia.com/advisories/56310
http://www.securityfocus.com/archive/1/531654/100/0/threaded
https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-002/-rexx-recruitment-cross-site-scripting-in-user-registration
http://seclists.org/fulldisclosure/2014/Mar/389
http://secunia.com/advisories/56310
http://www.securityfocus.com/archive/1/531654/100/0/threaded
https://www.redteam-pentesting.de/en/advisories/rt-sa-2014-002/-rexx-recruitment-cross-site-scripting-in-user-registration

Products affected by CVE-2014-1224

Rexx-Systems » Recruitment » Version: r6.1

cpe:2.3:a:rexx-systems:recruitment:r6.1
Rexx-Systems » Recruitment » Version: r7.0

cpe:2.3:a:rexx-systems:recruitment:r7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2014-1224

Products

Pricing

Contact Us