Vulnerability Details CVE-2014-3877
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.6%
CVSS Severity
CVSS v2 Score 4.3
References
- http://fex.rus.uni-stuttgart.de/fex.html
- http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html
- https://www.lsexperts.de/advisories/lse-2014-05-22.txt
- http://fex.rus.uni-stuttgart.de/fex.html
- http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html
- https://www.lsexperts.de/advisories/lse-2014-05-22.txt
Products affected by CVE-2014-3877
-
cpe:2.3:a:ulli_horlacher:fex:20100208
-
cpe:2.3:a:ulli_horlacher:fex:20110609
-
cpe:2.3:a:ulli_horlacher:fex:20110610
-
cpe:2.3:a:ulli_horlacher:fex:20110614
-
cpe:2.3:a:ulli_horlacher:fex:20110615
-
cpe:2.3:a:ulli_horlacher:fex:20110616
-
cpe:2.3:a:ulli_horlacher:fex:20110621
-
cpe:2.3:a:ulli_horlacher:fex:20110622
-
cpe:2.3:a:ulli_horlacher:fex:20110627
-
cpe:2.3:a:ulli_horlacher:fex:20110630
-
cpe:2.3:a:ulli_horlacher:fex:20110701
-
cpe:2.3:a:ulli_horlacher:fex:20110714
-
cpe:2.3:a:ulli_horlacher:fex:20110716
-
cpe:2.3:a:ulli_horlacher:fex:20110722
-
cpe:2.3:a:ulli_horlacher:fex:20110726
-
cpe:2.3:a:ulli_horlacher:fex:20110727
-
cpe:2.3:a:ulli_horlacher:fex:20110730
-
cpe:2.3:a:ulli_horlacher:fex:20110731
-
cpe:2.3:a:ulli_horlacher:fex:20110803
-
cpe:2.3:a:ulli_horlacher:fex:20110807
-
cpe:2.3:a:ulli_horlacher:fex:20110808
-
cpe:2.3:a:ulli_horlacher:fex:20110809
-
cpe:2.3:a:ulli_horlacher:fex:20110810
-
cpe:2.3:a:ulli_horlacher:fex:20110811
-
cpe:2.3:a:ulli_horlacher:fex:20110813
-
cpe:2.3:a:ulli_horlacher:fex:20110826
-
cpe:2.3:a:ulli_horlacher:fex:20110829
-
cpe:2.3:a:ulli_horlacher:fex:20110830
-
cpe:2.3:a:ulli_horlacher:fex:20110901
-
cpe:2.3:a:ulli_horlacher:fex:20110905
-
cpe:2.3:a:ulli_horlacher:fex:20110906
-
cpe:2.3:a:ulli_horlacher:fex:20110907
-
cpe:2.3:a:ulli_horlacher:fex:20110919
-
cpe:2.3:a:ulli_horlacher:fex:20110920
-
cpe:2.3:a:ulli_horlacher:fex:20110921
-
cpe:2.3:a:ulli_horlacher:fex:20110930
-
cpe:2.3:a:ulli_horlacher:fex:20111003
-
cpe:2.3:a:ulli_horlacher:fex:20111005
-
cpe:2.3:a:ulli_horlacher:fex:20111013
-
cpe:2.3:a:ulli_horlacher:fex:20111028
-
cpe:2.3:a:ulli_horlacher:fex:20111102
-
cpe:2.3:a:ulli_horlacher:fex:20111108
-
cpe:2.3:a:ulli_horlacher:fex:20111115
-
cpe:2.3:a:ulli_horlacher:fex:20111129
-
cpe:2.3:a:ulli_horlacher:fex:20111230
-
cpe:2.3:a:ulli_horlacher:fex:20111231
-
cpe:2.3:a:ulli_horlacher:fex:2011205
-
cpe:2.3:a:ulli_horlacher:fex:20120102
-
cpe:2.3:a:ulli_horlacher:fex:20120106
-
cpe:2.3:a:ulli_horlacher:fex:20120117
-
cpe:2.3:a:ulli_horlacher:fex:20120125
-
cpe:2.3:a:ulli_horlacher:fex:20120201
-
cpe:2.3:a:ulli_horlacher:fex:20120202
-
cpe:2.3:a:ulli_horlacher:fex:20120203
-
cpe:2.3:a:ulli_horlacher:fex:20120204
-
cpe:2.3:a:ulli_horlacher:fex:20120207
-
cpe:2.3:a:ulli_horlacher:fex:20120301
-
cpe:2.3:a:ulli_horlacher:fex:20120305
-
cpe:2.3:a:ulli_horlacher:fex:20120404
-
cpe:2.3:a:ulli_horlacher:fex:20120406
-
cpe:2.3:a:ulli_horlacher:fex:20120407
-
cpe:2.3:a:ulli_horlacher:fex:20120426
-
cpe:2.3:a:ulli_horlacher:fex:20120502
-
cpe:2.3:a:ulli_horlacher:fex:20120504
-
cpe:2.3:a:ulli_horlacher:fex:20120601
-
cpe:2.3:a:ulli_horlacher:fex:20120605
-
cpe:2.3:a:ulli_horlacher:fex:20120606
-
cpe:2.3:a:ulli_horlacher:fex:20120621
-
cpe:2.3:a:ulli_horlacher:fex:20120701
-
cpe:2.3:a:ulli_horlacher:fex:20120702
-
cpe:2.3:a:ulli_horlacher:fex:20120705
-
cpe:2.3:a:ulli_horlacher:fex:20120709
-
cpe:2.3:a:ulli_horlacher:fex:20120710
-
cpe:2.3:a:ulli_horlacher:fex:20120711
-
cpe:2.3:a:ulli_horlacher:fex:20120715
-
cpe:2.3:a:ulli_horlacher:fex:20120718
-
cpe:2.3:a:ulli_horlacher:fex:20121027
-
cpe:2.3:a:ulli_horlacher:fex:20130211
-
cpe:2.3:a:ulli_horlacher:fex:20130805
-
cpe:2.3:a:ulli_horlacher:fex:20140313
-
cpe:2.3:a:ulli_horlacher:fex:2014053