Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Ajenti before 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the command field in the Cron functionality.

References

• https://nvd.nist.gov/vuln/detail/CVE-2014-2260
• http://packetstormsecurity.com/files/124804/Ajenti-1.2.13-Cross-Site-Scripting.html
• ajenti/ajenti#233
• ajenti/ajenti@3270fd1
• https://web.archive.org/web/20200229062920/http://www.securityfocus.com/bid/64982