Cross site scripting

2009-07-0815:30:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.5%

JSON

Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML via the value parameter, related to the Contact module.

CPENameOperatorVersion
tangocmseq2.1.2
tangocmseq2.2.3
tangocmseq2.2.1
tangocmseq2.0.6
tangocmseq2.0.5
tangocmseq2.0.1
tangocmseq2.0.0
tangocmseq2.1.1
tangocmseq2.0.3
tangocmseq2.0.4

Name	Operator	Version
tangocms	eq	2.1.2
tangocms	eq	2.2.3
tangocms	eq	2.2.1
tangocms	eq	2.0.6
tangocms	eq	2.0.5
tangocms	eq	2.0.1
tangocms	eq	2.0.0
tangocms	eq	2.1.1
tangocms	eq	2.0.3
tangocms	eq	2.0.4

Rows per page:

1-10 of 141

References

dev.tangocms.org/issues/show/140

dev.tangocms.org/repositories/diff/tangocms?rev=2372

secunia.com/advisories/35642

tangocms.org/changelog

exchange.xforce.ibmcloud.com/vulnerabilities/51432