CVE-2014-3875
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2014-3875
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2014-3875.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2014-3875
- Published
- 2019-11-27T19:15:11Z
- Modified
- 2025-01-08T03:27:18.321393Z
- Downstream
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks
- References
-
- http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html
- http://www.securityfocus.com/bid/67783
- http://seclists.org/fulldisclosure/2014/Jun/1
- http://www.openwall.com/lists/oss-security/2014/06/03/6
- https://security-tracker.debian.org/tracker/CVE-2014-3875
Affected packages
Debian:11 / fex
Package
- Name
- fex
- Purl
- pkg:deb/debian/fex?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20140530-1
Affected versions
Other
20110601-1
20110608-1
20110608-2
20110610-1
20110610-2
20110620-1
20110622-1
20110726-1~bpo60+1
20110726-1
20111129-1
20111129-2
20120215-1
20120215-2
20120215-3~bpo60+1
20120215-3
20120718-1
20120718-2
20120718-3
20120718-4
20120718-5
20120930-1
20121027-1
20121107-1~bpo60+1
20121107-1
20130217-1
20130510-1
20130805-1
20140226-1
20140313-1
Debian:12 / fex
Package
- Name
- fex
- Purl
- pkg:deb/debian/fex?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20140530-1
Affected versions
Other
20110601-1
20110608-1
20110608-2
20110610-1
20110610-2
20110620-1
20110622-1
20110726-1~bpo60+1
20110726-1
20111129-1
20111129-2
20120215-1
20120215-2
20120215-3~bpo60+1
20120215-3
20120718-1
20120718-2
20120718-3
20120718-4
20120718-5
20120930-1
20121027-1
20121107-1~bpo60+1
20121107-1
20130217-1
20130510-1
20130805-1
20140226-1
20140313-1
Debian:13 / fex
Package
- Name
- fex
- Purl
- pkg:deb/debian/fex?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20140530-1
Affected versions
Other
20110601-1
20110608-1
20110608-2
20110610-1
20110610-2
20110620-1
20110622-1
20110726-1~bpo60+1
20110726-1
20111129-1
20111129-2
20120215-1
20120215-2
20120215-3~bpo60+1
20120215-3
20120718-1
20120718-2
20120718-3
20120718-4
20120718-5
20120930-1
20121027-1
20121107-1~bpo60+1
20121107-1
20130217-1
20130510-1
20130805-1
20140226-1
20140313-1