{"id":"CVE-2014-3877","details":"Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fup.","modified":"2026-04-10T03:43:51.269623Z","published":"2014-06-18T14:55:12Z","references":[{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/126906/F-EX-20140313-1-HTTP-Response-Splitting-Cross-Site-Scripting.html"},{"type":"EVIDENCE","url":"https://www.lsexperts.de/advisories/lse-2014-05-22.txt"},{"type":"FIX","url":"http://fex.rus.uni-stuttgart.de/fex.html"}],"schema_version":"1.7.5"}