CVE-2014-2035

Name of the Vulnerable Software and Affected Versions InterWorx Web Control Panel versions prior to 5.0.13 build 574

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the i parameter in the xhr.php file. This could potentially lead to unauthorized actions on the web application.

Recommendations For versions prior to 5.0.13 build 574, update to version 5.0.13 build 574 or later to resolve the issue. As a temporary workaround, consider restricting access to the xhr.php file to minimize the risk of exploitation. Avoid using the i parameter in the affected API endpoint until the issue is resolved.