CVE-2014-3877

Name of the Vulnerable Software and Affected Versions Frams' Fast File EXchange (F*EX, aka fex) versions prior to fex-20140530

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup. This is due to an incomplete blacklist vulnerability.

Recommendations For versions prior to fex-20140530, update to version fex-20140530 or later to resolve the issue. As a temporary workaround, consider restricting access to the fup endpoint to minimize the risk of exploitation. Avoid using the addto parameter in the affected endpoint until the issue is resolved.