Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4890

Overview
Vulnerability Score 4.3 4.3
CVE Id CVE-2012-4890
Last Modified 11 Sep 2012 12:00:00
Published 10 Sep 2012 06:55:07
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4890

Summary

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.

Vulnerable Systems

Application

  • Flatnux 2008-12-11

  • Flatnux 2009-01-27

  • Flatnux 2009-02-04

  • Flatnux 2011-08-09-2


References

XF - flatnux-index-xss(74566)

MISC - http://www.vulnerability-lab.com/get_content.php?id=487

BID - 52846

OSVDB - 80877

SECUNIA - 48676

SECUNIA - 48656

MISC - http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

IT Risk Posture:

Learn More
divider


Vulnerabilities

Patches

News


Free Risk Assessment Tools

Application Scanner
Find vulnerabilities on your network.

divider

Device Scanner
Find vulnerabilities on your network.

divider

Patch Scanner
Find vulnerabilities on your network.

Last Updated: 27 May 2016 11:00:32