2 matches found
CVE-2014-3148
CVE-2014-3148 is an XSS vulnerability in OkCupid OKWS (OK Web Server), originating from the libahttp/err.c handling of PATH_INFO for non-existent pages. A remote attacker can inject arbitrary web script/HTML by crafting a request to a non-existent page, exploiting improper filtering on the 404 er...
OKCupid Cross Site Scripting
Title: OKCupid Server Error Page XSS Severity: High CVE-ID: CVE-2014-3148 Re-release: 20 September 2014 Author: Kenneth F. Belva Websites: http://silverbackventuresllc.com http://xssWarrior.com http://securitymaverick.com Twitter: @infosecmaverick Contact: Please use website contact form. Mail:...