QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1562

Published: Feb 9, 2015

Modified: Sep 17, 2024

PUBLISHED

Description

Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter to admin/user_management.php, (2) data_search parameter to /admin/profile_data.php, or (3) filter parameter to error_log.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-05.html

x_refsource_MISC

http://sroesemann.blogspot.de/2015/01/sroeadv-2015-05.html

x_refsource_MISC

20150127 Reflecting XSS vulnerabilities in CMS Saurus v. 4.7 (CE)

mailing-list

x_refsource_FULLDISC

[oss-security] 20150128 CVE-Request -- Saurus CMS v.4.7 (Community Edition, released: 12.08.2014) -- Multiple reflecting XSS vulnerabilities

mailing-list

x_refsource_MLIST

https://github.com/sauruscms/Saurus-CMS-Community-Edition/commit/8dec044d0fdabcb9b04e58037623385a97b0d288

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.