← Back

CVE-2014-4301

nvd nist
Published: Jun 18, 2014Modified: May 6, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.

Affected (22)

Products: Ajenti: Ajenti
Ajenti
1 product
Ajenti
Configuration A
22 vulnerable
Vulnerable SoftwareAffected Versions
Ajenti
Ajenti
Up to 1.2.21
Ajenti
Version 1.2.0
Ajenti
Version 1.2.10
Ajenti
Version 1.2.11.2
Ajenti
Version 1.2.12
Ajenti
Version 1.2.13
Ajenti
Version 1.2.14
Ajenti
Version 1.2.15
Ajenti
Version 1.2.16
Ajenti
Version 1.2.17
Ajenti
Version 1.2.18
Ajenti
Version 1.2.19
Ajenti
Version 1.2.1
Ajenti
Version 1.2.20
Ajenti
Version 1.2.2
Ajenti
Version 1.2.3
Ajenti
Version 1.2.4
Ajenti
Version 1.2.5
Ajenti
Version 1.2.6
Ajenti
Version 1.2.7
Ajenti
Version 1.2.8
Ajenti
Version 1.2.9

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (8)

Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
ExploitPatch
Source: cve@mitre.org
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitPatch

Timeline

No history available yet.