Summary
The host is running moziloCMS and is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.
Impact Level: Application.
Solution
Upgrade to version 1.12 or later.
For updates, refer to http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=50_Download
Insight
The flaws are due to an error in 'admin/index.php'. Input passed via the 'cat' and 'file' parameters in an 'editsite' action is not properly verified before being used.
Affected
moziloCMS version 1.11.1 and prior on all platforms.
References
Severity
Classification
- CVE: CVE-2009-4209
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Adobe ColdFusion Multiple Full Path Disclosure Vulnerabilities
- Apache CouchDB Cross Site Request Forgery Vulnerability