CVE-2014-3974
AuraCMS 3.0 and earlier is affected by an XSS in filemanager.php (via the viewdir parameter). The vulnerability stems from unsanitized input in viewdir, enabling injection of arbitrary script/HTML. Affected product is AuraCMS; version scope is 3.0 and earlier. Public references indicate the issue...