Cross-site Scripting Vulnerability in HHVM by Facebook
CVE-2014-9714
Currently unrated
What is CVE-2014-9714?
An XSS vulnerability exists in the WddxPacket::recursiveAddVar function of HHVM prior to version 3.5.0. This flaw permits remote attackers to inject arbitrary web scripts or HTML through specially crafted strings sent to the wddx_serialize_value function, potentially compromising web application security and user data.