CVE-2014-100004

Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default URI. NOTE: some of these details are obtained from third party information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sitecore:cms:*:3:*:*:*:*:*:*

History

No history.

Information

Published : 2015-01-13 11:59

Updated : 2024-02-04 18:35


NVD link : CVE-2014-100004

Mitre link : CVE-2014-100004

CVE.ORG link : CVE-2014-100004


JSON object : View

Products Affected

sitecore

  • cms
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')