CVE-2014-6393

EPSS 0.29% · P52 Updated Feb 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2014-6393

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Joyent Node.js Express web framework 跨站脚本漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Joyent Node.js是美国Joyent公司的一套建立在Google V8 JavaScript引擎之上的网络应用平台。Express web framework是其中的一个轻量级Web框架。 Joyent Node.js中的Express web framework 3.11之前的版本和4.5之前的4.x版本存在跨站脚本漏洞。远程攻击者可利用该漏洞注入任意的Web脚本或HTML。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2014-6393

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2014-6393

请登录查看更多情报信息。

https://bugzilla.redhat.com/show_bug.cgi?id=1203190x_refsource_CONFIRM
https://nodesecurity.io/advisories/express-no-charset-in-content-type-headerx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2014-6393

Same Patch Batch · n/a · 2017-08-09 · 38 CVEs total

CVE-2015-6816		ganglia-web 安全漏洞
CVE-2015-2291		Intel Ethernet diagnostics driver for Windows 缓冲区错误漏洞
CVE-2015-2310		Sandstorm Cap'n Proto 数字错误漏洞
CVE-2015-2311		Sandstorm Cap'n Proto 数字错误漏洞
CVE-2015-2312		Sandstorm Cap'n Proto 安全漏洞
CVE-2015-2313		Sandstorm Cap'n Proto 安全漏洞
CVE-2015-2674		Restkit 安全漏洞
CVE-2015-2687		OpenStack Compute (nova) Icehouse、Juno和Havana 信息泄露漏洞
CVE-2015-3277		mod_nss模块安全漏洞
CVE-2015-6498		Alcatel-Lucent Home Device Manager 安全漏洞
CVE-2015-1820		Ruby REST client 安全漏洞
CVE-2015-7894		Samsung Galaxy S6 LibQjpeg 安全漏洞
CVE-2017-11368		MIT krb5 输入验证错误漏洞
CVE-2015-3405		NTP 安全特征问题漏洞
CVE-2015-4165		Elasticsearch 安全漏洞
CVE-2015-5619		Elasticsearch Logstash 安全漏洞
CVE-2015-6941		Salt win_useradd、salt-cloud和Linode驱动程序安全漏洞
CVE-2015-7764		Lemur 安全漏洞
CVE-2017-12754		多款ASUS产品Asuswrt-Merlin httpd 缓冲区错误漏洞
CVE-2014-5144		Telescope 跨站脚本漏洞

Showing top 20 of 38 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2014-6393

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2014-6393

I. Basic Information for CVE-2014-6393

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2014-6393

III. Intelligence Information for CVE-2014-6393

Same Patch Batch · n/a · 2017-08-09 · 38 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2014-6393

Leave a comment