Vulnerabilities for 'Jahia xcm'

2013-11-27
 
CVE-2013-4624

CWE-79
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.

 
 
CVE-2013-4617

CWE-200
 

 
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie.

 
 
CVE-2013-3920

CWE-79
 

 
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.

 


Copyright 2019, cxsecurity.com

 
