Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-0807

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2013-0807
Last Modified 31 Mar 2014 09:40:00
Published 28 Mar 2014 11:55:08
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2013-0807

Summary

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.

Vulnerable Systems

Application

  • Gpeasy Cms 1.5

  • Gpeasy Cms 1.6

  • Gpeasy Cms 1.6.1

  • Gpeasy Cms 1.6.2

  • Gpeasy Cms 1.6.3

  • Gpeasy Cms 2.0.1

  • Gpeasy Cms 2.1

  • Gpeasy Cms 2.2

  • Gpeasy Cms 2.3

  • Gpeasy Cms 2.3.1

  • Gpeasy Cms 2.3.2

  • Gpeasy Cms 2.3.3

  • Gpeasy Cms 2.4

  • Gpeasy Cms 3.0

  • Gpeasy Cms 3.0.1

  • Gpeasy Cms 3.0.2

  • Gpeasy Cms 3.0.3

  • Gpeasy Cms 3.0.4

  • Gpeasy Cms 3.0.5

  • Gpeasy Cms 3.5

  • Gpeasy Cms 3.5.1

  • Gpeasy Cms 3.5.2


References

MISC - https://www.htbridge.com/advisory/HTB23137

CONFIRM - https://github.com/oyejorge/gpEasy-CMS/commit/40f1b4a5749a621cd27c5ca39900dbcf8701969d

XF - gpeasy-index-section-xss(81472)

MISC - http://packetstormsecurity.com/files/119805/gpEasy-3.5.2-Cross-Site-Scripting.html

OSVDB - 89536

BUGTRAQ - 20130123 Cross-Site Scripting (XSS) vulnerability in gpEasy


Last Updated: 27 May 2016 11:04:48