|
Message-ID: <20111230114950.GC20236@foo.fgeek.fi> Date: Fri, 30 Dec 2011 13:49:50 +0200 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Subject: CVE-request: Elxis CMS two XSS-vulnerabilities 1) Input passed to the "task" parameter in index.php (when "option" is set to "com_content") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. http://osvdb.org/show/osvdb/77563 2) Input passed via the URL to administrator/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. http://osvdb.org/show/osvdb/77564 http://secunia.com/advisories/47073/ Fixed in same version "2009.3 Aphrodite rev2684" so one CVE-identifier might be enough. - Henri Salo
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.