PT-2014-4590 · Eugene Pankov · Ajenti

Published: 2014-04-30 · Updated: 2022-05-17 · CVE-2014-2260

CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Name of the Vulnerable Software and Affected Versions: Ajenti versions 1.2.13 through 1.2.14. Version 1.2.15 is not affected.

Description: A cross-site scripting (XSS) vulnerability in the file plugins/main/content/js/ajenti.coffee allows remote authenticated users to inject arbitrary web script or HTML via the command field of the Cron functionality: the field's value is placed into the page without being treated as plain text, so markup supplied by one user executes in the browser of anyone who views the Cron page.

Recommendations: For Ajenti versions 1.2.13 through 1.2.14, update to version 1.2.15 or later. As a temporary workaround, restrict access to the Cron functionality to trusted accounts to reduce the risk of exploitation.
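The bug class named above, shown as an added example in plain JavaScript. This is not Ajenti's code and does not reproduce ajenti.coffee; it illustrates the general defect (a user-controlled cron "command" string spliced into HTML as markup) next to the usual fix (escape the field, or build the node with textContent). The function names and the sample cron record are constructed for this example.

```javascript
// Added example, not Ajenti's own code: the pattern behind a stored XSS in
// a cron-job listing, and the escaped rendering that prevents it.
// All names and the sample record below are constructed for illustration.

// Constructed sample: a cron entry whose command field carries markup.
const SAMPLE_CRON_JOB = {
  schedule: '*/5 * * * *',
  command: '/usr/bin/backup.sh <script>alert(1)</script>',
};

// Vulnerable pattern: the command string is concatenated into an HTML
// template unchanged, so any tags it contains become part of the page.
function renderCronRowUnsafe(job) {
  return '<tr><td>' + job.schedule + '</td><td>' + job.command + '</td></tr>';
}

// Minimal HTML escaper: the five characters that can end a text or
// attribute context are replaced with character entities.
function escapeHtml(text) {
  const entities = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Hardened pattern: every untrusted field is escaped before it enters the
// template, so the browser renders it as literal text.
function renderCronRowSafe(job) {
  return (
    '<tr><td>' + escapeHtml(job.schedule) + '</td><td>' +
    escapeHtml(job.command) + '</td></tr>'
  );
}

// Alternative when a DOM is available (browser, or jsdom in tests): build
// the nodes and assign textContent, which never parses markup at all.
function renderCronRowDom(job, doc) {
  const tr = doc.createElement('tr');
  for (const value of [job.schedule, job.command]) {
    const td = doc.createElement('td');
    td.textContent = value;
    tr.appendChild(td);
  }
  return tr;
}

// Simple review check: does the first raw tag found in the input survive
// verbatim into the rendered markup?
function containsRawTag(html, input) {
  const tagMatch = /<[^>]+>/.exec(input);
  return tagMatch !== null && html.includes(tagMatch[0]);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('unsafe:', renderCronRowUnsafe(SAMPLE_CRON_JOB));
  console.log('safe  :', renderCronRowSafe(SAMPLE_CRON_JOB));
}
```

Escaping at render time, or using textContent, is the durable fix; the access restriction in the recommendations only limits who can place such a string in the command field, it does not stop the field from being rendered as markup.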

References: Exploit, Fix

Tags: XSS


Weakness Enumeration

Related Identifiers

CVE-2014-2260
GHSA-9CRX-P357-5VW8
PYSEC-2014-98

Affected Products

Ajenti