CVE-2014-3877
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.
Ver en NVDSeveridad
N/A
EPSS
Probabilidad de explotación (próx. 30 días): 0.0027 (0.3%)
Percentil: 50.7%
EPSS: 2026-05-06
Afecta
ulli_horlacher:fexDescripción técnica
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.
Publicada: 18/6/2014, 14:55:12
Última modificación: 6/5/2026, 22:30:45
Referencias
- http://fex.rus.uni-stuttgart.de/fex.html
- http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html
- https://www.lsexperts.de/advisories/lse-2014-05-22.txt
- http://fex.rus.uni-stuttgart.de/fex.html
- http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html
- https://www.lsexperts.de/advisories/lse-2014-05-22.txt