Cross site scripting

2015-01-0815:59:00

PRIOn knowledge base

www.prio-n.com

6.2 Medium

AI Score

Confidence

High

0.018 Low

EPSS

Percentile

88.1%

JSON

Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.

CPENameOperatorVersion
kajonale4.6.2

CPE	Name	Operator	Version
	kajona	le	4.6.2

References

packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html

seclists.org/fulldisclosure/2015/Jan/11

sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html

github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7

www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html