CVE-2011-5255

Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2012-01/0066.html	Exploit
http://osvdb.org/78220
http://secunia.com/advisories/46748	Vendor Advisory
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt
http://www.securityfocus.com/bid/51346
http://www.x3cms.net/en/news/article/dae363948eb4b27f8b02a84ca054c3fc/release_0.4.3.1
http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977
http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/984
https://exchange.xforce.ibmcloud.com/vulnerabilities/72279
http://archives.neohapsis.com/archives/bugtraq/2012-01/0066.html	Exploit
http://osvdb.org/78220
http://secunia.com/advisories/46748	Vendor Advisory
http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt
http://www.securityfocus.com/bid/51346
http://www.x3cms.net/en/news/article/dae363948eb4b27f8b02a84ca054c3fc/release_0.4.3.1
http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977
http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/984
https://exchange.xforce.ibmcloud.com/vulnerabilities/72279

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:x3cms:x3_cms::::::::
	cpe:2.3:a:x3cms:x3_cms:0.4:rc2::::::
	cpe:2.3:a:x3cms:x3_cms:0.4.0.3:::::::*
	cpe:2.3:a:x3cms:x3_cms:0.4.1:::::::*
	cpe:2.3:a:x3cms:x3_cms:0.4.2:::::::*
	cpe:2.3:a:x3cms:x3_cms:0.4.2.1:::::::*

History

21 Nov 2024, 01:33

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2012-01/0066.html - Exploit~~	() http://archives.neohapsis.com/archives/bugtraq/2012-01/0066.html - Exploit
References	~~() http://osvdb.org/78220 -~~	() http://osvdb.org/78220 -
References	~~() http://secunia.com/advisories/46748 - Vendor Advisory~~	() http://secunia.com/advisories/46748 - Vendor Advisory
References	~~() http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt -~~	() http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt -
References	~~() http://www.securityfocus.com/bid/51346 -~~	() http://www.securityfocus.com/bid/51346 -
References	~~() http://www.x3cms.net/en/news/article/dae363948eb4b27f8b02a84ca054c3fc/release_0.4.3.1 -~~	() http://www.x3cms.net/en/news/article/dae363948eb4b27f8b02a84ca054c3fc/release_0.4.3.1 -
References	~~() http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977 -~~	() http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977 -
References	~~() http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/984 -~~	() http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/984 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/72279 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/72279 -

Information

Published : 2013-01-31 05:44

Updated : 2024-11-21 01:33

NVD link : CVE-2011-5255

Mitre link : CVE-2011-5255

CVE.ORG link : CVE-2011-5255

JSON object : View

Products Affected

x3cms

x3_cms

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10