CVE-2014-3875
- EPSS 0.79%
- Veröffentlicht 27.11.2019 19:15:11
- Zuletzt bearbeitet 21.11.2024 02:09:02
The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks
CVE-2014-3876
- EPSS 0.25%
- Veröffentlicht 18.06.2014 14:55:12
- Zuletzt bearbeitet 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter...
CVE-2014-3877
- EPSS 0.27%
- Veröffentlicht 18.06.2014 14:55:12
- Zuletzt bearbeitet 12.04.2025 10:46:40
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.
CVE-2012-0869
- EPSS 17.09%
- Veröffentlicht 25.09.2012 23:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20120215 allows remote attackers to inject arbitrary web script or HTML via the id parameter.
CVE-2012-1293
- EPSS 0.53%
- Veröffentlicht 25.09.2012 23:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' Fast File EXchange (F*EX, aka fex) before 20111129-2 allow remote attackers to inject arbitrary web script or HTML via the (1) to or (2) from parameters.
- EPSS 0.68%
- Veröffentlicht 24.06.2011 20:55:02
- Zuletzt bearbeitet 11.04.2025 00:51:21
Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID.