CVE-2014-6420

Name of the Vulnerable Software and Affected Versions Livefyre LiveComments version 3.0

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. This could potentially lead to unauthorized actions on the affected system.

Recommendations For Livefyre LiveComments version 3.0, consider validating and sanitizing user-inputted data, especially for picture uploads, to prevent malicious script injections. As a temporary workaround, restrict the ability to upload pictures or limit the characters allowed in picture names until a patch is available.