[Forgot Password]
Login  Register Subscribe

30480

 
 

423868

 
 

252212

 
 

909

 
 

196748

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2012-4890Date: (C)2012-09-10   (M)2023-12-22


Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SECUNIA-48656
SECUNIA-48676
BID-52846
OSVDB-80877
flatnux-index-xss(74566)
http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html
http://www.vulnerability-lab.com/get_content.php?id=487

CPE    3
cpe:/a:flatnux:flatnux:2008-12-11
cpe:/a:flatnux:flatnux:2009-01-27
cpe:/a:flatnux:flatnux:2009-02-04
CWE    1
CWE-79

© SecPod Technologies