CVE-2014-3876
EPSS 0.25%
Description
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey parameter to rup or (2) disclaimer or (3) gm parameter to fuc.
How to fix CVE-2014-3876
To remediate CVE-2014-3876, upgrade the affected package to a fixed version below.
- Debian/fex—upgrade to 20140530-1 or later
Is CVE-2014-3876 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 20140530-1