Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 4.3
CVE Id CVE-2008-1972
Last Modified 29 Mar 2010 02:04:30
Published 27 Apr 2008 02:05:00
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-1972

Summary

Multiple cross-site scripting (XSS) vulnerabilities in the user account creation feature in Exponent CMS 0.96.6-GA20071003 and earlier, when the "Allow Registration?" configuration option is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) firstname, (3) lastname, and (4) e-mail address fields. NOTE: some of these details are obtained from third-party information.

Vulnerable Systems

Application

  • Oicgroup Exponent Cms 0.94

  • Oicgroup Exponent Cms 0.95

  • Oicgroup Exponent Cms 0.96.1

  • Oicgroup Exponent Cms 0.96.3

  • Oicgroup Exponent Cms 0.96.4

  • Oicgroup Exponent Cms 0.96.5

  • Oicgroup Exponent Cms 0.96.6

  • Oicgroup Exponent Cms 0.96.6-ga20071003


References

XF - exponentcms-newaccount-xss(41878)

BID - 28834

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=592961&group_id=118524

SECUNIA - 29875


Last Updated: 27 May 2016 10:47:42