Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-6127

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-6127
Last Modified 19 Aug 2009 01:23:10
Published 13 Feb 2009 01:30:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-6127

Summary

Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.

Vulnerable Systems

Application

  • Mozilocms 1.0

  • Mozilocms 1.1

  • Mozilocms 1.1.1

  • Mozilocms 1.10

  • Mozilocms 1.10.1

  • Mozilocms 1.10.2

  • Mozilocms 1.2

  • Mozilocms 1.3

  • Mozilocms 1.3.1

  • Mozilocms 1.4

  • Mozilocms 1.5

  • Mozilocms 1.6

  • Mozilocms 1.6.1

  • Mozilocms 1.6.2

  • Mozilocms 1.7

  • Mozilocms 1.8

  • Mozilocms 1.9

  • Mozilocms 1.9.1

  • Mozilocms 1.9.2

  • Mozilocms 1.9.3


References

BID - 31495

CONFIRM - http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=60_Changelog

XF - mozilocms-index-xss(45525)

SECUNIA - 32021


Last Updated: 27 May 2016 10:49:04