Moderate severity · NVD Advisory · Published Jun 18, 2014 · Updated May 6, 2026
CVE-2014-4301
Description
Multiple cross-site scripting (XSS) vulnerabilities in the respond_error function in routing.py in Eugene Pankov Ajenti before 1.2.21.7 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) resources.js or (2) resources.css in ajenti:static/, related to the traceback page.
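The following is an added example, not Ajenti's code: a minimal traceback page that shows why text from the request ends up in the HTML and what escaping changes. `ERROR_PAGE`, `serve_static`, `render_traceback` and the sample path are hypothetical, it assumes the request path reaches the traceback through the exception message, and it uses `html.escape`, the Python 3 replacement for the `cgi.escape` call in the fix commit.

```python
import html
import traceback

# Hypothetical page template, modelled on the fragment visible in the patch.
ERROR_PAGE = """<html>
<body>
<h1>Server error</h1>
<pre>
%s
</pre>
</body>
</html>
"""


def serve_static(path_info):
    """Hypothetical handler: fails with an error that quotes the requested path."""
    raise IOError("no such resource: %s" % path_info)


def render_traceback(path_info, escape):
    """Return the error page for a failed request, with or without escaping."""
    try:
        serve_static(path_info)
    except IOError:
        stack = traceback.format_exc()
    # Escaping happens at the sink, where the text is placed into HTML.
    return ERROR_PAGE % (html.escape(stack) if escape else stack)


def reflects_markup(page, marker):
    """True if the marker survives verbatim, so a browser would parse it as HTML."""
    return marker in page


# Constructed sample input: an inert marker tag standing in for request-controlled text.
MARKER = "<b id=probe>"
SAMPLE_PATH = "/ajenti:static/resources.js/" + MARKER

if __name__ == "__main__":
    for escape in (False, True):
        page = render_traceback(SAMPLE_PATH, escape)
        print("escape=%s reflects_markup=%s" % (escape, reflects_markup(page, MARKER)))
```

The same `reflects_markup` check works as a regression test against any error page that echoes request data.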
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| ajenti (PyPI) | < 1.2.21.7 | 1.2.21.7 |
Affected products
- cpe:2.3:a:ajenti:ajenti:*:*:*:*:*:*:*:* (range: <=1.2.21)
- cpe:2.3:a:ajenti:ajenti:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.10:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.12:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.13:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.14:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.15:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.16:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.17:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.18:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.19:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.20:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.7:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:ajenti:ajenti:1.2.9:*:*:*:*:*:*:*
Patches
d3fc5eb142ff · [http] fix traceback page xss
1 file changed · +2 −1
ajenti/routing.py+2 −1 modified@@ -1,3 +1,4 @@ +import cgi import socketio import traceback @@ -90,4 +91,4 @@ def respond_error(self, context, exception): </pre> </body> </html> - """ % stack + """ % cgi.escape(stack)
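Review bot: In the `respond_error` hunk, `cgi.escape(stack)` is called with its default `quote=False`, so `&`, `<` and `>` are encoded but quote characters are not. That is sufficient where the value lands here, as text inside `<pre>`, but it makes the fix depend on the placeholder never moving into an attribute value; `cgi.escape(stack, True)` removes that dependency at no cost. The change also ships without a test: a case that requests a path containing markup and asserts the traceback page returns it encoded would keep this from regressing.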
References
- github.com/Eugeny/ajenti/commit/d3fc5eb142ff16d55d158afb050af18d5ff09120 (nvd; Exploit, Patch; WEB)
- www.netsparker.com/critical-xss-vulnerabilities-in-ajenti (nvd; Exploit, Patch; WEB)
- secunia.com/advisories/59177 (nvd; Third Party Advisory; WEB)
- www.securityfocus.com/bid/68047 (nvd; Third Party Advisory, VDB Entry; WEB)
- github.com/advisories/GHSA-2ch8-f849-pjg3 (ghsa; ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2014-4301 (ghsa; ADVISORY)
- github.com/pypa/advisory-database/tree/main/vulns/ajenti/PYSEC-2014-99.yaml (ghsa; WEB)
- web.archive.org/web/20171119051123/http://www.securityfocus.com/bid/68047 (ghsa; WEB)