Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 3.5
CVE Id CVE-2013-3728
Last Modified 13 Mar 2014 01:43:09
Published 13 Mar 2014 10:55:05
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication SINGLE_INSTANCE

CVE-2013-3728

Summary

Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.

Vulnerable Systems

Application

  • Kasseler-cms 2


References

CONFIRM - http://diff.kasseler-cms.net/svn/patches/1232.html

MISC - https://www.htbridge.com/advisory/HTB23158

XF - kasselercms-cve20133728-admin-xss(85408)

BUGTRAQ - 20130703 Multiple Vulnerabilities in Kasseler CMS

MISC - http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html

OSVDB - 94780

CONFIRM - http://diff.kasseler-cms.net/svn.html


Last Updated: 27 May 2016 11:04:39