Unrated severityNVD Advisory· Published Jun 18, 2014· Updated May 6, 2026

CVE-2014-3877

Description

Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.

Affected products

Ulli Horlacher/Fex
cpe:2.3:a:ulli_horlacher:fex:*:*:*:*:*:*:*:*
Range: <=20140313

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

fex.rus.uni-stuttgart.de/fex.htmlnvdPatch
packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.htmlnvdExploit
www.lsexperts.de/advisories/lse-2014-05-22.txtnvdExploit

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000