CVE-2014-100038

2015-01-1315:00:00

mitre

www.cve.org

5.7 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

57.0%

JSON

Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter to search/.

References

secunia.com/advisories/57182

exchange.xforce.ibmcloud.com/vulnerabilities/91762

www.netsparker.com/critical-xss-vulnerabilities-in-storytlr/