QwikSec

Security Database

CVE

CWE

Training

CVE-2014-9714

Published: Apr 13, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted string to the wddx_serialize_value function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vdb-entry

x_refsource_BID

https://phabricator.wikimedia.org/T85851

x_refsource_CONFIRM

https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34

x_refsource_CONFIRM

https://github.com/facebook/hhvm/issues/4283

x_refsource_CONFIRM

[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24

mailing-list

x_refsource_MLIST

[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24

mailing-list

x_refsource_MLIST

[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.