| |
Vulnerability CVE-2014-9146
Published: 2015-04-14
Description: |
Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS 2.0.1.8 allow remote attackers to inject arbitrary web script or HTML via the (1) view, (2) id, (3) page, or (4) app parameter to the default URI or the (5) act parameter to dapur/index.php. |
See advisories in our WLB2 database: | Topic | Author | Date |
Med. |
| Mahendra | 31.03.2015 |
CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
4.3/10 |
2.9/10 |
8.6/10 |
Exploit range |
Attack complexity |
Authentication |
Remote |
Medium |
No required |
Confidentiality impact |
Integrity impact |
Availability impact |
None |
Partial |
None |
References: |
http://packetstormsecurity.com/files/131165/FiyoCMS-2.0.1.8-XSS-SQL-Injection-URL-Bypass.html
|
|
|
closedb();
?>
Copyright 2024, cxsecurity.com
|
|
|