X3 CMS Multiple cross-site scripting (XSS) vulnerabilities

Summary
The host is running X3CMS, which is prone to multiple cross-site scripting vulnerabilities.
Impact
Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a user's browser session in the context of an affected site and to launch other attacks.
Impact Level: Application
Solution
Apply the patch available from http://www.x3cms.net/
Insight
- Input passed via the URL to admin/login is not properly sanitised before being returned to the user.
- Input passed via the 'username' and 'password' POST parameters to admin/login (when e.g. other POST parameters are not set) is not properly sanitised before being returned to the user.
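To confirm the patch on your own installation, a reflection check can be run over saved admin/login responses for the three inputs listed above. This is an added example, not code from the advisory or from X3CMS; the marker string, the sample HTML fragments and the function names are constructed for illustration, and it assumes each input was submitted as the marker followed by the characters < " ' >.

```python
import html
import re

# Assumptions (not from the advisory): the marker string, the sample HTML and
# all function names are constructed for this example.
MARKER = "x3probe"
META = "<\"'>"  # characters that must come back HTML-encoded
ENTITY = re.compile(r"&(?:#\d+|#x[0-9a-fA-F]+|[a-zA-Z]+);")


def raw_metachars(body, marker=MARKER, meta=META):
    """Return the metacharacters that follow `marker` unencoded in `body`."""
    found = set()
    start = body.find(marker)
    while start != -1:
        pos = start + len(marker)
        for expected in meta:
            entity = ENTITY.match(body, pos)
            if entity and html.unescape(entity.group()) == expected:
                pos = entity.end()        # encoded on output
            elif body.startswith(expected, pos):
                found.add(expected)       # reflected as live markup
                pos += 1
            else:
                break                     # stripped or rewritten; stop here
        start = body.find(marker, start + 1)
    return found


def audit(responses):
    """Map each reflected input to the characters it returned unencoded."""
    return {name: "".join(sorted(raw_metachars(body)))
            for name, body in responses.items()}


# Constructed response fragments, one per input named in the Insight section.
SAMPLES = {
    "url_path": "<form action='/admin/login/x3probe&lt;&quot;'&gt;'>",
    "username": '<input name="username" value="x3probe<"\'>">',
    "password": '<input name="password" value="x3probe&lt;&quot;&#039;&gt;">',
}

if __name__ == "__main__":
    for name, raw in audit(SAMPLES).items():
        print(f"{name}: {'unencoded ' + raw if raw else 'encoded'}")
```

The url_path sample shows the partial case: angle brackets and double quotes are encoded but the single quote is not, which still breaks out of a single-quoted attribute.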
Affected
X3CMS version 0.4.3.1-STABLE and prior