Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2376

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2009-2376
Last Modified 08 Jul 2009 12:00:00
Published 08 Jul 2009 11:30:01
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2376

Summary

Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module.

Vulnerable Systems

Application

  • Tangocms 2.0.0

  • Tangocms 2.0.1

  • Tangocms 2.0.2

  • Tangocms 2.0.3

  • Tangocms 2.0.4

  • Tangocms 2.0.5

  • Tangocms 2.0.6

  • Tangocms 2.1.0

  • Tangocms 2.1.1

  • Tangocms 2.1.2

  • Tangocms 2.2.0

  • Tangocms 2.2.1

  • Tangocms 2.2.2

  • Tangocms 2.2.3


References

CONFIRM - http://tangocms.org/changelog

CONFIRM - http://dev.tangocms.org/issues/show/140

XF - tangocms-value-xss(51432)

SECUNIA - 35642

CONFIRM - http://dev.tangocms.org/repositories/diff/tangocms?rev=2372


Last Updated: 27 May 2016 10:50:52