CVE-2014-10003

Name of the Vulnerable Software and Affected Versions Maian Uploader version 4.0

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the width parameter to specific API endpoints, such as "/uploader/admin/js/load flv.js.php" or "/uploader/js/load flv.js.php".

Recommendations For Maian Uploader version 4.0, as a temporary workaround, consider restricting access to the /uploader/admin/js/load flv.js.php and /uploader/js/load flv.js.php endpoints until a patch is available. Avoid using the width parameter in these affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.