Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2342

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-2342
Last Modified 08 Jul 2009 12:00:00
Published 07 Jul 2009 03:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2342

Summary

Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the username field.

Vulnerable Systems

Application

  • Hans Oesterholt Cmme 1.02

  • Hans Oesterholt Cmme 1.03

  • Hans Oesterholt Cmme 1.06

  • Hans Oesterholt Cmme 1.07

  • Hans Oesterholt Cmme 1.08

  • Hans Oesterholt Cmme 1.09

  • Hans Oesterholt Cmme 1.10

  • Hans Oesterholt Cmme 1.11

  • Hans Oesterholt Cmme 1.12

  • Hans Oesterholt Cmme 1.18

  • Hans Oesterholt Cmme 1.19

  • Hans Oesterholt Cmme 1.21


References

MISC - http://sourceforge.net/tracker/?func=detail&aid=2500186&group_id=215535&atid=1034058

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=694724

SECUNIA - 35610


Last Updated: 27 May 2016 10:50:52