VIR Vulnerability Intelligence Relay

CVE-2014-8772

low
Published 2014-12-03 · Modified 2026-05-06
CVSS v3
CVSS v2
3.5
VIR risk
3.5

Description

Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — http://www.x3cms.net/en/news/article/8bb9a4f84d956653b4daa19ee7c529fa/x3_cms_0.5.2

Application impact
VendorProductVersionsFixed
x3cmsx3_cms0.5.1
x3cmsx3_cms0.5.1.1

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.