Summary
This host is running Jojo CMS, which is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary SQL commands and execute arbitrary HTML and script code in a user's browser session in the context of an affected website.
Impact Level: Application
Solution
Update to Jojo CMS 1.2.2 or later.
For updates, refer to http://www.jojocms.org
Insight
Multiple flaws exist due to:
- Insufficient filtering of user-supplied input passed via the 'X-Forwarded-For' HTTP header to the '/articles/test/' URI.
- Insufficient filtering of user-supplied data passed via the 'search' HTTP POST parameter to the '/forgot-password/' URI.
Affected
Jojo CMS version 1.2 and prior
References
Severity
Classification
CVE: CVE-2013-3081, CVE-2013-3082
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P