CVE-2013-3920
CVE-2013-3920: Jahia xCM before 6.6.2 contains an XSS vulnerability allowing remote authenticated users to inject arbitrary script or HTML via the about me field. CVE-2013-4617: Jahia xCM before 6.6.2 does not set the HTTPOnly flag on the JSESSIONID cookie, enabling potential script access to the...