3 matches found
CVE-2011-1953
CVE-2011-1953 affects Post Revolution prior to 0.8.0c-2. The vulnerability is a set of XSS flaws in common.php: the attributes of allowed tags (p, a, strong, em, i, img, li, ol, video, blockquote) are not sanitized, enabling arbitrary script via tag attributes. A DoS path exists in a loop when removing non-pe...
CVE-2011-1952
CVE-2011-1952 affects Post Revolution up to version 0.8.0c. The DoS arises from a faulty loop in common.php when stripping non-permitted HTML: an attacker can trigger an infinite loop by posting crafted HTML (e.g., a
CVE-2011-1954
Post Revolution 0.8.0c and earlier is affected by CSRF in multiple endpoints (ajax-weblog-guardar.php, verpost.php, comments.php, perfil.php), enabling remote attackers to hijack user sessions. The vulnerability is described consistently across CVE-2011-1954 entries; the root cause is inadequate ...