Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1458

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-1458
Last Modified 28 Apr 2009 12:00:00
Published 28 Apr 2009 12:30:03
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-1458

Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS before 0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action.

Vulnerable Systems

Application

  • Razorcms 0.2

  • Razorcms 0.3


References

XF - razorcms-index-xss(49945)

BID - 34566

SECUNIA - 34744

CONFIRM - http://razorcms.co.uk/support/viewtopic.php?f=13&t=325

OSVDB - 53776

FULLDISC - 20090416 [follow-up] razorCMS - Multiple Vulnerabilities

FULLDISC - 20090416 razorCMS - Multiple Vulnerabilities


Last Updated: 27 May 2016 10:50:34