Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-1296
Last Modified 27 Aug 2012 12:00:00
Published 26 Aug 2012 04:55:01
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-1296

Summary

Multiple cross-site scripting (XSS) vulnerabilities in apps/admin/handlers/preview.php in Elefant CMS 1.0.x before 1.0.2-Beta and 1.1.x before 1.1.5-Beta allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) body parameter to admin/preview.

Vulnerable Systems

Application

  • Elefantcms 1.0.1

  • Elefantcms 1.1.1 Beta

  • Elefantcms 1.1.2 Beta

  • Elefantcms 1.1.3 Beta

  • Elefantcms 1.1.4 Beta


References

MISC - https://www.htbridge.com/advisory/HTB23076

XF - elefantcms-preview-xss(73421)

BID - 52143

CONFIRM - http://www.elefantcms.com/wiki/Changelog

CONFIRM - http://www.elefantcms.com/forum/discussion/39/elefant-1.0.2-and-1.1.5-security-updates-released

SECUNIA - 48118


Last Updated: 27 May 2016 11:00:18