CVE-2014-6027: XSS
First published: Thu Aug 28 2014(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 allow (1) remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file or (2) remote authenticated users to inject arbitrary web script or HTML via vectors involving a link to torrent details.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Torrentflux Project Torrentflux | =2.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.vulnserver.com/torrentflux/details.php?torrent=pclinuxos_kde_201
- http://linuxtracker.org:2710/0000000000000000000000000
- http://linuxtracker.org:2710/00000000000000000000000000000000/annou
- https://bugs.debian.org/761008
- http://snapshot.debian.org/
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759574
- http://www.openwall.com/lists/oss-security/2014/09/02/3
- http://www.securitytracker.com/id/1030791
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/event
- collector/debian-bugs
- source/Debian
- alias/CVE-2014-6027
- vendor/torrentflux project
- canonical/torrentflux project torrentflux
- version/torrentflux project torrentflux/2.4