Unrated severityNVD Advisory· Published Feb 5, 2014· Updated Apr 29, 2026
CVE-2014-1403
CVE-2014-1403
Description
Cross-site scripting (XSS) vulnerability in name.html in easyXDM before 2.4.19 allows remote attackers to inject arbitrary web script or HTML via the location.hash value.
Affected products
10cpe:2.3:a:easyxdm:easyxdm:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:easyxdm:easyxdm:*:*:*:*:*:*:*:*range: <=2.4.18
- cpe:2.3:a:easyxdm:easyxdm:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:easyxdm:easyxdm:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:easyxdm:easyxdm:2.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:easyxdm:easyxdm:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:easyxdm:easyxdm:2.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:easyxdm:easyxdm:2.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:easyxdm:easyxdm:2.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:easyxdm:easyxdm:2.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:easyxdm:easyxdm:2.4.6:*:*:*:*:*:*:*
Patches
1a3194d32c25ahttps://github.com/oyvindkinsey/easyXDMvia nvd-ref
Vulnerability mechanics
Generated on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
8- github.com/oyvindkinsey/easyXDM/releases/tag/2.4.19nvdPatchVendor Advisory
- blog.kotowicz.net/2014/01/xssing-with-shakespeare-name-calling.htmlnvdExploit
- seclists.org/fulldisclosure/2014/Feb/5nvdExploit
- github.com/oyvindkinsey/easyXDM/commit/a3194d32c25a0d27a10a47304eb9c9be93ffbf13nvdExploitPatch
- secunia.com/advisories/56634nvdVendor Advisory
- osvdb.org/102803nvd
- www.securityfocus.com/bid/65291nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/90876nvd
News mentions
0No linked articles in our index yet.