QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4918

Published: Aug 29, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20111205 [DCA-2011-0014] - Elxis CMS Cross Site Script

mailing-list

x_refsource_BUGTRAQ

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

vdb-entry

x_refsource_BID

vdb-entry

x_refsource_OSVDB

http://forum.elxis.org/index.php?PHPSESSID=v9i7kgmmb2554ldmlcmbj32ugjd0ngpc&topic=5144.msg43327#msg43327

x_refsource_CONFIRM

[oss-security] 20111231 Re: CVE-request: Elxis CMS two XSS-vulnerabilities

mailing-list

x_refsource_MLIST

elxiscms-index-xss(71648)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.