CVE Record: CVE-2014-3737

Required CVE Record Information

Description

Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to brand.php, related to the currencyUrl function.

Product Status

Learn more

Information not provided

References 6 Total

Updated: 2024-08-06

This container includes required additional information provided by the CVE Program for this vulnerability.

References 6 Total

securityfocus.com: 68197
external site
vdb-entryx_transferred
http://www.storesprite.com/docs/26/htb23215_xss_vulnerability/
external site
x_transferred
securityfocus.com: 20140625 Reflected Cross-Site Scripting (XSS) Vulnerability in Storesprite
external site
mailing-listx_transferred
https://www.htbridge.com/advisory/HTB23215
external site
x_transferred
secunia.com: 59524
external site
third-party-advisoryx_transferred
http://packetstormsecurity.com/files/127221/Storesprite-7-Cross-Site-Scripting.html
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: MITRE Corporation

Description

Product Status

References 6 Total

CVE Program

References 6 Total