CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2014/05/23 2:55 p.m.•16 views

CVE-2013-2713

Cross-site request forgery CSRF vulnerability in usersmaint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request...

6.8CVSS6.9AI score0.00922EPSS

Prion•added 2014/05/23 2:55 p.m.•21 views

Cross site request forgery (csrf)

6.8CVSS7.4AI score0.00922EPSS

Prion•added 2014/05/23 2:55 p.m.•14 views

Cross site scripting

Cross-site scripting XSS vulnerability in services/getarticle.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter...

4.3CVSS6.1AI score0.06607EPSS

CVE•added 2014/05/23 2:0 p.m.•48 views

CVE-2013-2713

KrisonAV CMS 3.0.1 (and likely earlier) is affected by a CSRF vulnerability in users_maint.html that allows an attacker to create a new administrator account via a crafted request. The root cause is insufficient verification of the HTTP request origin, enabling an unauthorized user to hijack admi...

6.8CVSS7AI score0.00922EPSS

Cvelist•added 2014/05/23 2:0 p.m.•18 views

CVE-2013-2712

Cross-site scripting XSS vulnerability in services/getarticle.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter...

5.6AI score0.06607EPSS

Cvelist•added 2014/05/23 2:0 p.m.•18 views

CVE-2013-2713

6.9AI score0.00922EPSS

CVE•added 2014/05/23 2:0 p.m.•54 views

CVE-2013-2712

KrisonAV CMS is affected by CVE-2013-2712 (XSS) in the /services/get_article.php endpoint, where user-supplied data passed via the content parameter can execute arbitrary script/HTML in a victim user’s browser. The vulnerability affects KrisonAV CMS prior to version 3.0.2 and arises from insuffic...

4.3CVSS5.6AI score0.06607EPSS

securityvulns•added 2013/05/06 12:0 a.m.•120 views

Multiple Vulnerabilities in KrisonAV CMS

Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013 Vulnerability Type: Cross-Site Scripting CWE-79,...

6.8CVSS6.6AI score0.06607EPSS

0day.today•added 2013/04/18 12:0 a.m.•40 views

KrisonAV CMS 3.0.1 - Multiple Vulnerabilities

Exploit for php platform in category web applications Advisory Details: High-Tech Bridge Security Research Lab discovered multiple vulnerabilities in KrisonAV CMS, which can be exploited to perform cross-site scripting and cross-site request forgery attacks. 1 Cross-Site Scripting XSS vulnerabili...

6.8CVSS6.5AI score0.06607EPSS

Exploit DB•added 2013/04/18 12:0 a.m.•50 views

KrisonAV CMS 3.0.1 - Multiple Vulnerabilities

6.8CVSS6.4AI score0.06607EPSS

exploitpack•added 2013/04/18 12:0 a.m.•46 views

KrisonAV CMS 3.0.1 - Multiple Vulnerabilities

KrisonAV CMS 3.0.1 - Multiple Vulnerabilities Advisory ID: HTB23150 Product: KrisonAV CMS Vendor: http://www.krisonav.com Vulnerable Versions: 3.0.1 and probably prior Tested Version: 3.0.1 Vendor Notification: March 27, 2013 Vendor Patch: March 31, 2013 Public Disclosure: April 17, 2013...

6.8CVSS0.5AI score0.06607EPSS

Packet Storm•added 2013/04/17 12:0 a.m.•56 views

KrisonAV CMS 3.0.1 CSRF / Cross Site Scripting

6.8CVSS0.1AI score0.06607EPSS