CVE-2013-4759
Summary
| CVE | CVE-2013-4759 |
|---|---|
| State | PUBLISHED |
| Assigner | mitre |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-08-09 21:55:07 UTC |
| Updated | 2026-04-29 01:13:23 UTC |
| Description | Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
NetworkAccess Complexity
MediumAuthentication
NoneConfidentiality
NoneIntegrity
PartialAvailability
NoneAV:N/AC:M/Au:N/C:N/I:P/A:N
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Magnolia-cms | Magnolia Cms | - | - | community | All |
| Application | Magnolia-cms | Magnolia Form Module | 1.4 | All | All | All |
| Application | Magnolia-cms | Magnolia Form Module | 1.4.1 | All | All | All |
| Application | Magnolia-cms | Magnolia Form Module | 1.4.2 | All | All | All |
| Application | Magnolia-cms | Magnolia Form Module | 1.4.3 | All | All | All |
| Application | Magnolia-cms | Magnolia Form Module | 1.4.4 | All | All | All |
| Application | Magnolia-cms | Magnolia Form Module | 1.4.5 | All | All | All |
| Application | Magnolia-cms | Magnolia Form Module | 1.4.6 | All | All | All |
| Application | Magnolia-cms | Magnolia Form Module | 2.0 | All | All | All |
| Application | Magnolia-cms | Magnolia Form Module | 2.0.1 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| archives.neohapsis.com/archives/bugtraq/2013-07/0160.html | af854a3a-2127-422b-91ae-364da2661108 | archives.neohapsis.com | Exploit |
| Magnolia CMS CVE-2013-4759 Multiple Cross Site Scripting Vulnerabilities | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Exploit |
| osvdb.org/95628 | af854a3a-2127-422b-91ae-364da2661108 | osvdb.org | |
| File Not Found | af854a3a-2127-422b-91ae-364da2661108 | www.htbridge.com | Exploit |
| IBM X-Force Exchange | af854a3a-2127-422b-91ae-364da2661108 | exchange.xforce.ibmcloud.com | |
| Magnolia CMS 5.0.1 Community Edition Cross Site Scripting ≈ Packet Storm | af854a3a-2127-422b-91ae-364da2661108 | packetstormsecurity.com | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.