3 matches found
glFusion 1.2.2 - Multiple XSS Vulnerabilities
No description provided by source...
CVE-2013-1466
CVE-2013-1466 affects glFusion (CMS) prior to 1.2.2.pl4 with multiple cross-site scripting (XSS) vulnerabilities. The flaw allows remote attackers to inject arbitrary HTML/JavaScript via user-supplied fields in several pages: profiles.php (subject), calendar/index.php (address1, address2, calenda...
glFusion 1.2.2 - Multiple XSS Vulnerabilities
Exploit for php platform in category web applications High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in glFusion, which can be exploited to perform Cross-Site Scripting attacks. glFusion has a "badbehaviour" plugin installed by default that verifies HTTP Referer,...