CVE-2014-3207
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0031 (0.3%)
Percentil: 53.7%
EPSS: 2026-05-06
Afecta
sks_keyserver_project:sks_keyserverDescripción técnica
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
Publicada: 8/5/2014, 14:29:15
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://secunia.com/advisories/57965
- http://www.securityfocus.com/bid/67198
- https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724
- https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
- https://bugzilla.mozilla.org/show_bug.cgi?id=952077
- http://secunia.com/advisories/57965
- http://www.securityfocus.com/bid/67198
- https://bitbucket.org/skskeyserver/sks-keyserver/commits/88d453cdc858d1352c61a4d4a6cd5b1ac17f2724