CVE-2014-100037

Name of the Vulnerable Software and Affected Versions Storytlr versions 1.3.dev and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the PATH INFO to archives/. This enables attackers to execute malicious scripts on the client-side.

Recommendations For versions 1.3.dev and earlier, update to a version later than 1.3.dev to resolve the issue. As a temporary workaround, consider restricting access to the archives/ endpoint to minimize the risk of exploitation.