CVE-2014-3974

Cross-site scripting XSS vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter...

CVE-2014-3974

Cross-site scripting XSS vulnerability in filemanager.php in AuraCMS 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the viewdir parameter...

CVE-2014-3974

AuraCMS 3.0 and earlier is affected by an XSS in filemanager.php (via the viewdir parameter). The vulnerability stems from unsanitized input in viewdir, enabling injection of arbitrary script/HTML. Affected product is AuraCMS; version scope is 3.0 and earlier. Public references indicate the issue...