Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4827

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4827
Last Modified 09 Feb 2012 12:00:00
Published 14 Dec 2011 10:57:34
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4827

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools V-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) p parameter to redirect.php and (2) box parameter to includes/TrueColorPicker/index.php, which is not properly handled in includes/TrueColorPicker/class.TrueColorPicker.php.

Vulnerable Systems

Application

  • Autosectools V-cms 1.0


References

BID - 50706

MISC - http://www.autosectools.com/Advisory/V-CMS-1.0-Reflected-Cross-site-Scripting-234

SECUNIA - 46861


Last Updated: 27 May 2016 10:57:54