CVE-2014-6027

Name of the Vulnerable Software and Affected Versions TorrentFlux version 2.4

Description The issue allows remote attackers to inject arbitrary web script or HTML by leveraging failure to encode file contents when downloading a torrent file. Additionally, remote authenticated users can inject arbitrary web script or HTML via vectors involving a link to torrent details.

Recommendations For TorrentFlux version 2.4, update to a version that properly encodes file contents and validates user input to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to torrent details links and ensuring that all file downloads are thoroughly validated to minimize the risk of exploitation.