Summary
The host is running X3CMS, which is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation allows remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, and to launch other attacks.
Impact Level: Application
Solution
Apply the patch from the link below:
http://www.x3cms.net/
Insight
- Input passed via the URL to admin/login is not properly sanitised before being returned to the user.
- Input passed via the 'username' and 'password' POST parameters to admin/login (for example, when other POST parameters are not set) is not properly sanitised before being returned to the user.
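The two reflection points listed above, as an added example that is not X3CMS code: a hypothetical PHP login-form renderer (the function names and form markup are assumptions) that first returns the request URL and POST values unencoded, then uses a fixed form action, HTML-encodes the username and never echoes the password back.

```php
<?php
// Added illustration: hypothetical login-form renderer, not X3CMS source code.

/** Encode a value for use in HTML text or inside a quoted attribute. */
function h(string $value): string
{
    // ENT_QUOTES encodes both quote styles, so the value cannot close the attribute.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Before: request data is returned to the browser unencoded. */
function render_login_unsafe(string $requestUri, array $post): string
{
    $user = $post['username'] ?? '';
    $pass = $post['password'] ?? '';
    return '<form method="post" action="' . $requestUri . '">'
         . '<input name="username" value="' . $user . '">'
         . '<input type="password" name="password" value="' . $pass . '">'
         . '</form>';
}

/** After: fixed action, encoded username, password never echoed back. */
function render_login_safe(array $post): string
{
    $user = $post['username'] ?? '';
    $user = is_string($user) ? $user : '';   // ignore array-valued parameters
    return '<form method="post" action="/admin/login">'
         . '<input name="username" value="' . h($user) . '">'
         . '<input type="password" name="password" value="">'
         . '</form>';
}

// Constructed sample input: markup characters that must arrive as inert text.
$uri  = '/admin/login/"><b>path</b>';
$post = ['username' => '"><i>name</i>', 'password' => '"><u>pw</u>'];

$unsafe = render_login_unsafe($uri, $post);
$safe   = render_login_safe($post);

// The unsafe output carries the raw tags; the safe output carries none of them.
var_dump(strpos($unsafe, '<b>path</b>') !== false);
var_dump(strpos($safe, '<i>') === false && strpos($safe, '<u>') === false);
echo $safe, PHP_EOL;
```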
Affected
X3CMS version 0.4.3.1-STABLE and prior
References
Severity
Classification
- CVE: CVE-2011-5255
CVSS Base Score: 4.3
CVSS Base Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Ampache Reflected Cross Site Scripting Vulnerability
- Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
- AfterLogic WebMail Pro Multiple Cross Site Scripting Vulnerabilities
- AN Guestbook Local File Inclusion Vulnerability
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities