CVE-2014-8917

https://notcve.org/view.php?id=CVE-2014-8917

Multiple cross-site scripting (XSS) vulnerabilities in (1) dojox/form/resources/uploader.swf (aka upload.swf), (2) dojox/form/resources/fileuploader.swf (aka fileupload.swf), (3) dojox/av/resources/audio.swf, and (4) dojox/av/resources/video.swf in the IBM Dojo Toolkit, as used in IBM Social Media Analytics 1.3 before IF11 and other products, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Múltiples vulnerabilidades de XSS en (1) dojox/form/resources/uploader.swf (también conocido como upload.swf), (2) dojox/form/resources/fileuploader.swf (también conocido como fileupload.swf), (3) dojox/av/resources/audio.swf, y (4) dojox/av/resources/video.swf en el juego de herramientas de IBM Dojo, utilizado en IBM Social Media Analytics 1.3 anterior a IF11 y otros productos, permiten a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a través de vectores no especificados. • http://secunia.com/advisories/62590 http://secunia.com/advisories/62837 http://www-01.ibm.com/support/docview.wss?uid=swg21694693 http://www-01.ibm.com/support/docview.wss?uid=swg21696013 http://www.securityfocus.com/bid/72903 http://www.securitytracker.com/id/1032376 https://exchange.xforce.ibmcloud.com/vulnerabilities/99303 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •