Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9433

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2014-9433
Last Modified 12 Jan 2015 02:24:16
Published 31 Dec 2014 05:59:09
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2014-9433

Summary

Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter.

Vulnerable Systems

Application

  • Contenido Contendio 4.9.0

  • Contenido Contendio 4.9.1

  • Contenido Contendio 4.9.2

  • Contenido Contendio 4.9.3

  • Contenido Contendio 4.9.4

  • Contenido Contendio 4.9.5


References

BUGTRAQ - 20141224 Reflecting XSS Vulnerability in CMS Contenido 4.9.x-4.9.5

CONFIRM - http://www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html

MISC - http://sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html

SECUNIA - 61396

XF - contenido-frontcontent-xss(99497)

MISC - http://packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html


Last Updated: 27 May 2016 11:07:25