Cross site scripting

2014-12-3122:59:00

PRIOn knowledge base

www.prio-n.com

6 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web script or HTML via the (1) idart, (2) lang, or (3) idcat parameter.

CPENameOperatorVersion
contendioeq4.9.3
contendioeq4.9.4
contendioeq4.9.1
contendioeq4.9.0
contendioeq4.9.2
contendioeq4.9.5

Name	Operator	Version
contendio	eq	4.9.3
contendio	eq	4.9.4
contendio	eq	4.9.1
contendio	eq	4.9.0
contendio	eq	4.9.2
contendio	eq	4.9.5

References

packetstormsecurity.com/files/129713/CMS-Contenido-4.9.5-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2014/Dec/111

secunia.com/advisories/61396

sroesemann.blogspot.de/2014/12/report-for-advisory-sroeadv-2014-03.html

www.contenido.org/de/cms/CONTENIDO/News/index-c-2044-3.html

www.securityfocus.com/archive/1/534320/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/99497