2 matches found
Cross-Site Scripting (XSS)
hotarucms/hotarucms is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser by storing malicious Javascript code in the sitename parameter. This CVE ID is related to CVE-2011-4709...
CVE-2019-17522
A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the adminindex.php?page=settings SITE NAME field aka SITENAME, a related issue to CVE-2011-4709.1...