Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.
CPE | Name | Operator | Version |
---|---|---|---|
flatnux | eq | 20081211.0.0 | |
flatnux | eq | 200924.0.0 | |
flatnux | eq | <= 2011892 | |
flatnux | eq | 2009127.0.0 |