{"id":"CVE-2014-2570","details":"Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.","modified":"2026-01-27T04:12:37.188434Z","published":"2015-08-31T18:59:05Z","withdrawn":"2026-01-27T04:12:37.188434Z","references":[{"type":"EVIDENCE","url":"http://codalabs.net/cla-2014-001"},{"type":"EVIDENCE","url":"http://www.securityfocus.com/bid/66380"},{"type":"FIX","url":"https://github.com/PhenX/php-font-lib/commit/d13682b7e27d14a6323c441426f3dde1cd86c751"},{"type":"FIX","url":"https://github.com/PhenX/php-font-lib/releases/tag/0.3.1"},{"type":"WEB","url":"http://osvdb.org/show/osvdb/104896"},{"type":"WEB","url":"http://www.securityfocus.com/archive/1/531587/100/0/threaded"}],"schema_version":"1.7.3"}