oss-sec mailing list archives

CVE-request: Elxis CMS two XSS-vulnerabilities


From: Henri Salo <henri () nerv fi>
Date: Fri, 30 Dec 2011 13:49:50 +0200

1) Input passed to the "task" parameter in index.php (when "option" is set to "com_content") is not properly sanitised 
before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser 
session in context of an affected site.
http://osvdb.org/show/osvdb/77563

2) Input passed via the URL to administrator/index.php is not properly sanitised before being returned to the user. 
This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected 
site.
http://osvdb.org/show/osvdb/77564

http://secunia.com/advisories/47073/

Fixed in same version "2009.3 Aphrodite rev2684" so one CVE-identifier might be enough.

- Henri Salo

