3 matches found
CVE-2015-0918
Cross-site scripting XSS vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php...
CVE-2015-0918
Cross-site scripting XSS vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php...
CVE-2015-0918
The CVE-2015-0918 entry concerns Sefrengo, a PHP/MySQL-based open source CMS. The vulnerability is an XSS in the administrative backend present in Sefrengo before version 1.6.1, exploitable via the searchterm parameter to backend/main.php. The affected component is the admin backend; the root cau...