CVE-2014-2861
Published: 2014-04-15
Priority: P4 17 · Severity: medium · CVSS 2.0 base score: 4.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N (network, medium complexity, no authentication; partial integrity impact only)
EPSS: 2.14% (79.7th percentile)
Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrated by bypassing a protection mechanism that removes only the "alert" string.
Affected
4 ranges are listed; only the first carries version data on this page. The advisory text gives the fixed releases as 7.0.2 (for 7.x) and 8.0.3 (for 8.x).
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| paperthin | commonspot_content_server | <= 7.0.1 | 7.0.2 (per the description) |
Suricata
ET WEB_SERVER WEBSHELL CFM Shell Access (sid 2018290, rev 3; created 2014-03-18, updated 2024-03-13)
Caveat: this rule is indexed under CVE-2010-2861 (its reference URL is a SpiderLabs analysis of a ColdFusion administrator compromise) and fires on the string "CFM shell" in server responses, i.e. a ColdFusion webshell already being served to a client. It does not detect the CommonSpot XSS described by this CVE; the two identifiers share only their trailing digits. Treat it as unrelated coverage rather than a detection for CVE-2014-2861.
Rule: alert http $HTTP_SERVERS any -> $EXTERNAL_NET any (msg:"ET WEB_SERVER WEBSHELL CFM Shell Access"; flow:established,to_client; file.data; content:"CFM shell"; nocase; reference:url,blog.spiderlabs.com/2014/03/coldfusion-admin-compromise-analysis-cve-2010-2861.html; classtype:successful-admin; sid:2018290; rev:3; metadata:created_at 2014_03_18, signature_severity Major, updated_at 2024_03_13;)
No public exploits indexed.
No writeups or analysis indexed.