Vulnerability CVE-2011-4341

Vulnerability CVE-2011-4341

Published: 2012-02-12 Modified: 2012-02-15

Description:

	Topic	Author	Date
Med.	Symphony CMS 2.2.3 Cross Site Scripting / SQL Injection	Mesut Timur	03.11.2011

Type:

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Affected software
Symphony-cms -> Symphony cms

http://www.openwall.com/lists/oss-security/2011/11/22/9

https://github.com/symphonycms/symphony-2/commit/476e4926e2773588eab10dd3036f27e1411521b5

http://xforce.iss.net/xforce/xfdb/71105

http://www.osvdb.org/76884

http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/

http://symphony-cms.com/download/releases/version/2.2.4/

http://secunia.com/advisories/46663

http://seclists.org/bugtraq/2011/Nov/8

http://packetstormsecurity.org/files/view/106493/symphonycms-sqlxss.txt