Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1058

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-1058
Last Modified 20 Jan 2015 09:01:56
Published 16 Jan 2015 10:59:07
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1058

Summary

Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) data[Category][title] parameter to admin/categories/add, (2) data[Field][title] parameter to admin/fields/ajax_fields/, (3) name property in a basicInfo JSON object to admin/tools/create_theme, (4) data[Link][link_title] parameter to admin/links/links/add, or (5) data[ForumTopic][subject] parameter to forums/off-topic/new.

Vulnerable Systems

Application

  • Insanevisions Adaptcms 3.0.3


References

XF - adaptcms-multiple-data-xss(99617)

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5218.php

EXPLOIT-DB - 35710

MISC - http://packetstormsecurity.com/files/129812/AdaptCMS-3.0.3-Cross-Site-Scripting.html

OSVDB - 116720

OSVDB - 116719

OSVDB - 116718

OSVDB - 116717

OSVDB - 116716


Last Updated: 27 May 2016 11:07:34