CVE-2013-4722

2014-04-2517:12:03

CWE-79

[email protected]

web.nvd.nist.gov

cve-2013-4722

xss vulnerabilities

admin/login/default.asp

ddsn interactive cm3 acora cms

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

55.9%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Admin/login/default.asp in DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) url, (3) qstr parameter.

Affected configurations

NVD

Node

ddsncm3_acora_content_management_systemMatch5.5.0\/1b-p1

ddsncm3_acora_content_management_systemMatch5.5.7\/12b

ddsncm3_acora_content_management_systemMatch6.0.2\/1a

ddsncm3_acora_content_management_systemMatch6.0.6\/1a

CPENameOperatorVersion
ddsn:cm3_acora_content_management_systemddsn cm3 acora content management systemeq5.5.0\/1b-p1
ddsn:cm3_acora_content_management_systemddsn cm3 acora content management systemeq5.5.7\/12b
ddsn:cm3_acora_content_management_systemddsn cm3 acora content management systemeq6.0.2\/1a
ddsn:cm3_acora_content_management_systemddsn cm3 acora content management systemeq6.0.6\/1a

CPE	Name	Operator	Version
ddsn:cm3_acora_content_management_system	ddsn cm3 acora content management system	eq	5.5.0\/1b-p1
ddsn:cm3_acora_content_management_system	ddsn cm3 acora content management system	eq	5.5.7\/12b
ddsn:cm3_acora_content_management_system	ddsn cm3 acora content management system	eq	6.0.2\/1a
ddsn:cm3_acora_content_management_system	ddsn cm3 acora content management system	eq	6.0.6\/1a