CVE-2014-2236

N/A Unknown

Published: March 05, 2014 Modified: May 06, 2026

Description

Multiple cross-site scripting (XSS) vulnerabilities in Askbot before 0.7.49 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) tag or (2) user search forms.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://secunia.com/advisories/57163

Source: secalert@redhat.com

Vendor Advisory

http://www.openwall.com/lists/oss-security/2014/02/28/8

Source: secalert@redhat.com

http://www.securityfocus.com/bid/65885

Source: secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1070852

Source: secalert@redhat.com

https://github.com/ASKBOT/askbot-devel/commit/876e3662ff6b78cc6241338c15e3a0cb49edf4e2#diff-b693b4c02739be4b3231bece15b0eb87

Source: secalert@redhat.com

Exploit Patch

https://github.com/ASKBOT/askbot-devel/commit/a676a86b6b7a5737d4da4f59f71e037406f88d29

Source: secalert@redhat.com

Exploit Patch

http://secunia.com/advisories/57163