CVE-2014-8674: XSS
First published: Mon Jan 06 2020(Updated: )
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Soplanning Soplanning | <1.33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2014-8674?
CVE-2014-8674 is a vulnerability that allows for multiple cross-site scripting (XSS) attacks in Simple Online Planning (SOPlanning) before version 1.33.
How does CVE-2014-8674 work?
CVE-2014-8674 exploits vulnerabilities in the nb_mois and mb_ligness parameters and the debug GET parameter in the export.php file of SOPlanning, allowing malicious users to execute arbitrary code.
What is the severity of CVE-2014-8674?
CVE-2014-8674 has a severity rating of 5.4, which is considered medium.
How can I fix CVE-2014-8674?
To fix CVE-2014-8674, update your version of SOPlanning to 1.33 or later, where the vulnerability has been patched.
Where can I find more information about CVE-2014-8674?
You can find more information about CVE-2014-8674 at the following references: [1] http://packetstormsecurity.com/files/132654/Simple-Online-Planning-Tool-1.3.2-XSS-SQL-Injection-Traversal.html [2] http://seclists.org/fulldisclosure/2015/Jul/44 [3] http://www.securityfocus.com/bid/75726
- collector/nvd-index
- vendor/soplanning
- canonical/soplanning soplanning