Multiple Cross-Site Scripting Vulnerabilities in Ajenti by Eugene Pankov
CVE-2014-4301
Currently unrated
What is CVE-2014-4301?
Ajenti prior to version 1.2.21.7 contains multiple Cross-Site Scripting (XSS) vulnerabilities in the respond_error function in routing.py. Remote attackers can inject arbitrary web script or HTML through the PATH_INFO of requests to affected resources such as resources.js or resources.css. The injected script or HTML is then executed on the traceback page, which poses a significant security risk for deployed instances.
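The class of bug described above, shown as an added example that is not Ajenti's routing.py: a hypothetical WSGI error page that copies PATH_INFO into HTML, beside the escaped form, with a regression check. All function names and the sample path are assumptions constructed for illustration.

```python
# Added illustration; NOT Ajenti's code. All names here are hypothetical.
import html
from wsgiref.util import setup_testing_defaults

PAGE = "<html><body><h1>Error</h1><pre>{detail}</pre></body></html>"

def error_page_unsafe(environ):
    """Before: PATH_INFO is copied into the HTML body verbatim."""
    detail = "No handler for %s" % environ.get("PATH_INFO", "")
    return PAGE.format(detail=detail)

def error_page_safe(environ):
    """After: every request-derived value is HTML-escaped before rendering."""
    detail = "No handler for %s" % environ.get("PATH_INFO", "")
    return PAGE.format(detail=html.escape(detail, quote=True))

def make_app(render):
    """Wrap a renderer in a minimal WSGI app that always answers with the error page."""
    def app(environ, start_response):
        body = render(environ).encode("utf-8")
        start_response("404 Not Found", [
            ("Content-Type", "text/html; charset=utf-8"),
            ("X-Content-Type-Options", "nosniff"),
            ("Content-Length", str(len(body))),
        ])
        return [body]
    return app

def request(app, path_info):
    """Drive the app in-process with a constructed environ; returns (status, body)."""
    environ = {}
    setup_testing_defaults(environ)
    environ["PATH_INFO"] = path_info
    seen = {}
    def start_response(status, headers):
        seen["status"] = status
    body = b"".join(app(environ, start_response)).decode("utf-8")
    return seen["status"], body

# Constructed sample: harmless markup placed in the path of a resource request.
SAMPLE_PATH = "/resources.js/<b>injected</b>"

def reflects_markup(render):
    """Regression check: True if the sample path's markup reaches the page unescaped."""
    _, body = request(make_app(render), SAMPLE_PATH)
    return "<b>injected</b>" in body
```

A check like `reflects_markup` belongs in the test suite for any error or traceback page that displays request-derived values.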
