Vulnerability Details CVE-2014-6027
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.4%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.openwall.com/lists/oss-security/2014/09/02/3
- http://www.securitytracker.com/id/1030791
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574
- http://www.openwall.com/lists/oss-security/2014/09/02/3
- http://www.securitytracker.com/id/1030791
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574
Products affected by CVE-2014-6027
-
cpe:2.3:a:torrentflux_project:torrentflux:2.4