CVE-2014-3894

Name of the Vulnerable Software and Affected Versions Kobo Multifunctional MailForm Free versions 2014/1/28 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header. This can lead to the execution of malicious scripts on the client-side.

Recommendations For versions 2014/1/28 and earlier, update to a version later than 2014/1/28 to resolve the issue. As a temporary workaround, consider restricting access to the HTTP Referer header to minimize the risk of exploitation.