Cross-site Scripting Vulnerability in Ajenti by Eugene Pankov
CVE-2014-2260

Currently unrated

Key Information:

Vendor: Ajenti
Status: Ajenti
Vendor: CVE Published:; 30 April 2014

What is CVE-2014-2260?

A cross-site scripting (XSS) vulnerability exists in Ajenti 1.2.13 that permits remote authenticated users to execute arbitrary web scripts or HTML. This is possible through the command field in the Cron functionality, potentially allowing an attacker to manipulate web content and execute malicious code within the context of the user's session.

References

http://www.securityfocus.com/bid/64982

vdb-entryx_refsource_BID

http://www.osvdb.org/102174

vdb-entryx_refsource_OSVDB

http://packetstormsecurity.com/files/124804/Ajenti-1.2.13...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 30, 2014
Vulnerability Reserved
Feb 28, 2014

CVE-2014-2260 Data

JSON