Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2015-1603
Last Modified 20 Feb 2015 08:38:27
Published 19 Feb 2015 10:59:17
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-1603

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php.

Vulnerable Systems

Application

  • Adminsystems Cms Project Adminsystems Cms 4.0.0


References

CONFIRM - https://github.com/kneecht/adminsystems/releases/tag/4.0.2

CONFIRM - https://github.com/kneecht/adminsystems/issues/1

BID - 72605

MLIST - [oss-security] 20150214 Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF

MLIST - [oss-security] 20150213 Re: CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF

MLIST - [oss-security] 20150213 CVE-Request -- Landsknecht Adminsystems v.4.0.1 (DEV, beta version) -- Reflecting XSS, unrestricted file-upload and underlaying CSRF

MISC - http://sroesemann.blogspot.de/2015/02/report-for-advisory-sroeadv-2015-14.html

MISC - http://sroesemann.blogspot.de/2015/01/sroeadv-2015-14.html

FULLDISC - 20150213 Reflecting XSS vulnerabitlies, unrestricted file upload and underlaying CSRF in Landsknecht Adminsystems CMS v. 4.0.1 (DEV, beta version)

MISC - http://packetstormsecurity.com/files/130394/Landsknecht-Adminsystems-CMS-4.0.1-CSRF-XSS-File-Upload.html


Last Updated: 27 May 2016 11:07:54