Lucene search

[email protected]CVE-2011-4709

HistoryDec 08, 2011 - 7:55 p.m.

CVE-2011-4709

2011-12-0819:55:05

CWE-79

[email protected]

web.nvd.nist.gov

cve

2011

4709

cross-site scripting

xss

vulnerability

hotaru.php

search plugin

hotaru cms

remote attackers

injection

web script

html

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.1 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

hotarusearch_pluginMatch1.3

AND

hotaruhotaru_cmsMatch1.4.2

CPENameOperatorVersion
hotaru:search_pluginhotaru search plugineq1.3
hotaru:hotaru_cmshotaru hotaru cmseq1.4.2

CPE	Name	Operator	Version
hotaru:search_plugin	hotaru search plugin	eq	1.3
hotaru:hotaru_cms	hotaru hotaru cms	eq	1.4.2

References

secunia.com/advisories/46842

www.osvdb.org/77095

www.zeroscience.mk/codes/hotarucms_xss.txt

www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5057.php

exchange.xforce.ibmcloud.com/vulnerabilities/71300

exchange.xforce.ibmcloud.com/vulnerabilities/71301

exchange.xforce.ibmcloud.com/vulnerabilities/71302

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.1 Medium

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

84.0%

JSON

Related for CVE-2011-4709

zeroscience1 prion2 cvelist2 nvd2 veracode1 osv1 cve1