CVE-2014-9582

Name of the Vulnerable Software and Affected Versions Codiad version 2.4.3

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the short name parameter in a rename action. This issue was originally incorrectly mapped, but it has been identified and described.

Recommendations For Codiad version 2.4.3, avoid using the short name parameter in the rename action until a fix is available. As a temporary workaround, consider restricting access to the components/filemanager/dialog.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.