2 matches found
CVE-2014-9434
CVE-2014-9434 describes a cross-site scripting (XSS) vulnerability in the Absolut Engine 1.73 administrative backend, specifically in the file path admin/managerrelated.php. The issue allows remote authenticated users to inject arbitrary web script or HTML through the title parameter. The connect...
Absolut Engine 1.73 Cross Site Scripting / SQL Injection
Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v. 1.73 CMS Advisory ID: SROEADV-2014-08 Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL: http://www.absolutengine.com/ Vendor Status: solved CVE-ID: - ========================== Vulnerability...