CVE-2014-10006

Name of the Vulnerable Software and Affected Versions Maian Uploader version 4.0

Description The issue concerns multiple cross-site request forgery (CSRF) vulnerabilities that allow remote attackers to hijack the authentication of unspecified users. This can lead to requests that conduct cross-site scripting (XSS) attacks. The attacks can be performed via the width parameter to specific API endpoints, such as "/uploader/admin/js/load flv.js.php" or "/uploader/js/load flv.js.php".

Recommendations For Maian Uploader version 4.0, consider restricting access to the load flv.js.php scripts in both the admin and user directories until a patch is available. As a temporary workaround, avoid using the width parameter in the affected API endpoints.