Search for vulnerabilities
Vulnerability details: VCID-2rfq-rxmb-aaam
Vulnerability ID VCID-2rfq-rxmb-aaam
Aliases CVE-2014-9743
Summary Cross-site scripting (XSS) vulnerability in the httpd_HtmlError function in network/httpd.c in the web interface in VideoLAN VLC Media Player before 2.2.0 allows remote attackers to inject arbitrary web script or HTML via the path info.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9743.html
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00256 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00290 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00305 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
epss 0.00544 https://api.first.org/data/v1/epss?cve=CVE-2014-9743
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9743
generic_textual Medium http://seclists.org/fulldisclosure/2014/Mar/324
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2014-9743
generic_textual Medium http://www.quantumleap.it/vlc-reflected-xss-vulnerability/
Reference id Reference type URL
http://git.videolan.org/?p=vlc.git%3Ba=commit%3Bh=fe5063ec5ad1873039ea719eb1f137c8f3bda84b
http://git.videolan.org/?p=vlc.git;a=commit;h=fe5063ec5ad1873039ea719eb1f137c8f3bda84b
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9743.html
https://api.first.org/data/v1/epss?cve=CVE-2014-9743
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9743
http://seclists.org/fulldisclosure/2014/Mar/324
http://www.quantumleap.it/vlc-reflected-xss-vulnerability/
http://www.securityfocus.com/bid/66307
cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*
CVE-2014-9743 https://nvd.nist.gov/vuln/detail/CVE-2014-9743
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-9743
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.48991
EPSS Score 0.00256
Published At June 13, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.