Unrated severityNVD Advisory· Published Sep 26, 2014· Updated May 6, 2026

CVE-2014-4958

Description

Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes.

Affected products

Telerik/Asp.net Ajax Radeditor Control2 versions
cpe:2.3:a:telerik:asp.net_ajax_radeditor_control:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:telerik:asp.net_ajax_radeditor_control:*:*:*:*:*:*:*:*range: <=2014.1.403.35
- cpe:2.3:a:telerik:asp.net_ajax_radeditor_control:2009.3.1208.20:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blogs.telerik.com/blogs/14-09-24/securing-radeditor-content-and-preventing-xss-attacksnvd
maverickblogging.com/disclosing-cve-2014-4958-stored-attribute-based-cross-site-scripting-xss-vulnerability-in-telerik-ui-for-asp-net-ajax-radeditor-control/nvd
packetstormsecurity.com/files/128414/Telerik-ASP.NET-AJAX-RadEditor-Control-2014.1.403.35-XSS.htmlnvd
www.securityfocus.com/archive/1/533537/30/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000