Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE-request: Elxis CMS two XSS-vulnerabilities
From: Henri Salo <henri () nerv fi>
Date: Fri, 30 Dec 2011 13:49:50 +0200

1) Input passed to the "task" parameter in index.php (when "option" is set to "com_content") is not properly sanitised 
before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser 
session in context of an affected site.
http://osvdb.org/show/osvdb/77563

2) Input passed via the URL to administrator/index.php is not properly sanitised before being returned to the user. 
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected 
site.
http://osvdb.org/show/osvdb/77564

http://secunia.com/advisories/47073/

Fixed in same version "2009.3 Aphrodite rev2684" so one CVE-identifier might be enough.

- Henri Salo


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]