Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-5255

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-5255
Last Modified 31 Jan 2013 12:00:00
Published 31 Jan 2013 12:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-5255

Summary

Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter.

Vulnerable Systems

Application

  • X3cms X3 Cms 0.4

  • X3cms X3 Cms 0.4.0.3

  • X3cms X3 Cms 0.4.1

  • X3cms X3 Cms 0.4.2

  • X3cms X3 Cms 0.4.2.1

  • X3cms X3 Cms 0.4.3.1


References

XF - x3cms-login-xss(72279)

CONFIRM - http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/984

CONFIRM - http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977

CONFIRM - http://www.x3cms.net/en/news/article/dae363948eb4b27f8b02a84ca054c3fc/release_0.4.3.1

BID - 51346

MISC - http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt

SECUNIA - 46748

OSVDB - 78220

BUGTRAQ - 20120111 Multiple Cross-Site-Scripting vulnerabilities in x3cms


Last Updated: 27 May 2016 11:01:45