Cross-Site Scripting Vulnerability in Telerik UI for ASP.NET AJAX RadEditor
CVE-2014-4958

Currently unrated

Key Information:

Vendor: Telerik
Status: Asp.net Ajax Radeditor Control
Vendor: CVE Published:; 26 September 2014

What is CVE-2014-4958?

The vulnerability allows remote attackers to inject arbitrary web script or HTML into Telerik UI for ASP.NET AJAX RadEditor via CSS expressions in style attributes. This can lead to unauthorized actions performed on behalf of other users, exposing sensitive data and compromising application security. Developers should implement proper input validation and output encoding to mitigate potential risks associated with this vulnerability.

References

http://packetstormsecurity.com/files/128414/Telerik-ASP.N...

x_refsource_MISC

http://www.securityfocus.com/archive/1/533537/30/0/threaded

mailing-listx_refsource_BUGTRAQ

http://maverickblogging.com/disclosing-cve-2014-4958-stor...

x_refsource_MISC

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2014
Vulnerability Reserved
Jul 14, 2014