OneCMS 'index.php' Cross Site Scripting Vulnerability Network Vulnerability

Summary

OneCMS is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. OneCMS version 2.6.1 is vulnerable others may also be affected.

References

http://sourceforge.net/project/showfiles.php?group_id=148948
https://www.securityfocus.com/bid/42949

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4877

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

A Really Simple Chat Multiple XSS Vulnerabilities
123 Flash Chat Multiple Security Vulnerabilities
Apache Continuum Cross Site Scripting Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
aeNovo Database Content Disclosure Vulnerability

Take action and discover your vulnerabilities