X3 CMS Multiple Cross Site Scripting Vulnerabilities
BID:51346
Info
| Bugtraq ID: | 51346 |
| Class: | Input Validation Error |
| CVE: | CVE-2011-5255 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 10 2012 12:00AM |
| Updated: | Mar 19 2015 07:35AM |
| Credit: | Stefan Schurtz, INFOSERVE via Secunia. |
| Vulnerable: | Cblu.net X3 CMS 0.4.3.1-STABLE |
| Not Vulnerable: | |
Discussion
X3 CMS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input.
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
X3 CMS 0.4.3.1-STABLE is vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues by enticing an unsuspecting victim into following a malicious URI.