Cross-Site Scripting Vulnerability in Codiad by Codiad Team
CVE-2014-9582

Currently unrated

Key Information:

Vendor: Codiad
Status: Codiad
Vendor: CVE Published:; 8 January 2015

What is CVE-2014-9582?

A cross-site scripting vulnerability exists in Codiad 2.4.3, located in the components/filemanager/dialog.php file. This flaw allows remote attackers to manipulate the application by injecting arbitrary web scripts or HTML via the short_name parameter during a rename action. Exploiting this vulnerability could enable attackers to execute malicious scripts within the context of the user's browser session, potentially leading to unauthorized actions or data theft. This issue was incorrectly attributed to a different CVE initially, emphasizing the need for accurate vulnerability assessment.

References

http://www.exploit-db.com/exploits/35585

exploitx_refsource_EXPLOIT-DB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 8, 2015
Vulnerability Reserved
Jan 8, 2015