Title:		OKCupid Server Error Page XSS
Severity: 	High
CVE-ID: 	CVE-2014-3148
Re-release:	20 September 2014 
Author: 	Kenneth F. Belva
Websites:	http://silverbackventuresllc.com
		http://xssWarrior.com 
		http://securitymaverick.com
Twitter: 	@infosecmaverick
Contact:	Please use website contact form.
Mail: 
URL: 		https://github.com/okws/okws
Vendor: 
Remote Exploit:	Yes


Description:
============

Requesting a non-existent page triggers the server error page, which is vulnerable to XSS.



Proof of Concept:
=================

http://okcupidserver/none/[code]


Various URLs:
=============

Public Release:
https://twitter.com/infosecmaverick/status/462573038299803648

HackerOne:
https://hackerone.com/reports/3317

Git Credit and Correction:
https://github.com/okws/okws/commit/e9bedb644d106a043e33e1058bedd1c2c0b2e2e0


Solution:
=========

Upgrade.


Remarks:
========

Thanks to @Sidnicious at OKCupid for such a quick fix and responsiveness.