Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4918

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4918
Last Modified 29 Aug 2012 12:00:00
Published 29 Aug 2012 12:39:38
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4918

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php.

Vulnerable Systems

Application

  • Elxis Cms 2009.2

  • Elxis Cms 2009.3


References

XF - elxiscms-index-xss(71648)

BID - 50910

BUGTRAQ - 20111205 [DCA-2011-0014] - Elxis CMS Cross Site Script

OSVDB - 77564

OSVDB - 77563

MLIST - [oss-security] 20111231 Re: CVE-request: Elxis CMS two XSS-vulnerabilities

SECUNIA - 47073

CONFIRM - http://forum.elxis.org/index.php?PHPSESSID=v9i7kgmmb2554ldmlcmbj32ugjd0ngpc&topic=5144.msg43327#msg43327


Last Updated: 27 May 2016 11:00:22