Title:    OKCupid Server Error Page XSS
Severity:   High
CVE-ID:   CVE-2014-3148
Re-release:  20 September 2014 
Author:   Kenneth F. Belva
Websites:  http://silverbackventuresllc.com
    http://xssWarrior.com 
    http://securitymaverick.com
Twitter:   @infosecmaverick
Contact:  Please use website contact form.
Mail: 
URL:     https://github.com/okws/okws
Vendor: 
Remote Exploit:  Yes


Description:
============

A non-existent page triggers the vulnerable XSS page.



Proof of Concept :
==================

http://okcupidserver/none/[code]


Various URLs :
==================

Public Release:
https://twitter.com/infosecmaverick/status/462573038299803648

Hacker1:
https://hackerone.com/reports/3317

Git Credit and Correction:
https://github.com/okws/okws/commit/e9bedb644d106a043e33e1058bedd1c2c0b2e2e0


Solution:
=========

Upgrade.


Remarks:
========

Thanks to @Sidnicious at OKCupid for such a quick fix and responsiveness