CVE-2014-8352
N/A
N/A
Summary
Cross-site scripting (XSS) vulnerability in json.php in French National Commission on Informatics and Liberty (aka CNIL) CookieViz allows remote we servers to inject arbitrary web script or HTML via the max_date parameter.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543960e2
- http://seclists.org/fulldisclosure/2014/Nov/3
- http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-SQL-Injection.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98452
References
- https://github.com/LaboCNIL/CookieViz/commit/489b6050f6c53fe7b24c4bed3eeb9c25543960e2
- http://seclists.org/fulldisclosure/2014/Nov/3
- http://packetstormsecurity.com/files/128960/CNIL-CookieViz-Cross-Site-Scripting-SQL-Injection.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98452
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.