CompactCMS Multiple Cross Site Scripting Vulnerabilities Network Vulnerability

Summary

CompactCMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Attacker-supplied script code may be executed in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials. CompactCMS 1.4.1 is vulnerable other versions may also be affected.

Solution

Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

References

http://www.compactcms.nl
https://www.securityfocus.com/bid/45819

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability
Aardvark Topsites <= 4.2.2 Remote File Inclusion Vulnerability
Allegro RomPager HTTP Referer Header Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities