3 matches found
CVE-2012-3805
CVE-2012-3805 describes multiple XSS vulnerabilities in Kajona up to version 3.4.2, exploitable via numerous GET/POST parameters across modules (content, postacomment, index, admin login, user, pages, filemanager, downloads, etc.). The root cause is inadequate sanitisation in getAllPassedParams, ...
CVE-2012-3805
Multiple cross-site scripting XSS vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the 1 absendername, 2 absenderemail, or 3 absendernachricht parameter to the content page; 4...
Kajona 3.4.1 Cross Site Scripting
Advisory ID: HTB23097 Product: Kajona Vendor: www.kajona.de Vulnerable Versions: 3.4.1 and probably prior Tested Version: 3.4.1 Vendor Notification: 20 June 2012 Vendor Patch: 26 June 2012 Public Disclosure: 11 July 2012 Vulnerability Type: Cross-Site Scripting XSS CVE Reference: CVE-2012-3805...