8 matches found
CVE-2013-2712
Cross-site scripting XSS vulnerability in services/getarticle.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter...
CVE-2013-2712
Cross-site scripting XSS vulnerability in services/getarticle.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter...
CVE-2013-2712
KrisonAV CMS is affected by CVE-2013-2712 (XSS) in the /services/get_article.php endpoint, where user-supplied data passed via the content parameter can execute arbitrary script/HTML in a victim user’s browser. The vulnerability affects KrisonAV CMS prior to version 3.0.2 and arises from insuffic...
Multiple Vulnerabilities in KrisonAV CMS
Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013...
KrisonAV CMS 3.0.1 - Multiple Vulnerabilities
Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...
KrisonAV CMS 3.0.1 CSRF / Cross Site Scripting
Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...
Multiple Vulnerabilities in KrisonAV CMS
High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerability in KrisonAV CMS: CVE-2013-2712 The vulnerability exists due to...