CVE-2014-2689

Offiria (vendor Slashes & Dots Sdn Bhd) 2.1.0 and earlier is affected by a reflected XSS via PATH_INFO to /installer/index.php. The vulnerability arises from insufficient sanitisation of user-supplied data in the URI, enabling remote script/HTML execution in the victim’s browser. CVSSv2 base scor...