Summary
CompactCMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Attacker-supplied script code may be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials.
CompactCMS 1.4.1 is vulnerable
other versions may also be affected.
Solution
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
References
Updated on 2015-03-25
Severity
Classification
-
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Aardvark Topsites PHP 'index.php' Multiple Cross Site Scripting Vulnerabilities
- A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
- Apache Tomcat Directory Listing and File disclosure
- Advanced Image Hosting Cross Site Scripting Vulnerability