[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 30 Dec 2011 13:49:50 +0200
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE-request: Elxis CMS two XSS-vulnerabilities
1) Input passed to the "task" parameter in index.php (when "option" is set to "com_content") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
http://osvdb.org/show/osvdb/77563
2) Input passed via the URL to administrator/index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
http://osvdb.org/show/osvdb/77564
http://secunia.com/advisories/47073/
Fixed in same version "2009.3 Aphrodite rev2684" so one CVE-identifier might be enough.
- Henri Salo
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
