Summary
The host is running X3CMS, which is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and launch other attacks.
Impact Level: Application
Solution
Apply the patch from the link below:
http://www.x3cms.net/
Insight
- Input passed via the URL to admin/login is not properly sanitised before being returned to the user.
- Input passed via the 'username' and 'password' POST parameters to admin/login (e.g. when other POST parameters are not set) is not properly sanitised before being returned to the user.
Affected
X3CMS version 0.4.3.1-STABLE and prior
References
Severity
Classification
- CVE: CVE-2011-5255
- CVSS Base Score: 4.3
- CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
- Adobe ColdFusion HTTP Response Splitting Vulnerability
- Adobe ColdFusion Unspecified Information Disclosure Vulnerability
- Apache Continuum Cross Site Scripting Vulnerability