Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.
CPE | Name | Operator | Version |
---|---|---|---|
kasseler-cms | le | 2 |