Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6523

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2012-6523
Last Modified 31 Jan 2013 11:53:51
Published 31 Jan 2013 12:44:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6523

Summary

Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in (2) blog.php, (3) guestbook.php, or (4) forum.php in codes/. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • W-cms 2.01


References

XF - wcms-comment-xss(72301)

XF - wcms-index-xss(72300)

BID - 51359

EXPLOIT-DB - 18348

SECUNIA - 47527

OSVDB - 78268

OSVDB - 78267


Last Updated: 27 May 2016 10:44:50