Description

Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.

Remediation

References

http://blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.html

http://osvdb.org/102803

http://seclists.org/fulldisclosure/2014/Feb/5

http://secunia.com/advisories/56634

http://www.securityfocus.com/bid/65291

https://exchange.xforce.ibmcloud.com/vulnerabilities/90876

https://github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13#diff-6489956f1e1f52236929b4d33cbeb2db

https://github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19

Related Vulnerabilities

CVE-2018-3721 Vulnerability in npm package lodash._basemerge

CVE-2023-33001 Vulnerability in maven package com.datapipe.jenkins.plugins:hashicorp-vault-plugin

CVE-2020-7622 Vulnerability in maven package io.jooby:jooby-netty

CVE-2023-31454 Vulnerability in maven package org.apache.inlong:manager-service

CVE-2021-4264 Vulnerability in maven package org.webjars.bower:dustjs-linkedin

Severity

Critical

Classification

CWE-79

Tags

Exploit Vendor Advisory Patch