HomePentest-Tools.com Logo

Contenido CMS Multiple Parameter Cross-Site Scripting Vulnerabilities CVE-2014-9433

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Contenido CMS is prone to multiple cross-site scripting vulnerabilities.

Risk description

Multiple flaws exist as input passed via the idart, lang, or idcat GET parameters to cms/front_content.php script is not properly sanitised before being returned to the user within the checkParams function. Successful exploitation will allow remote attackers to execute arbitrary HTML and script code in a users browser session in the context of an affected site.

Recommendation

Upgrade to Contenido CMS version 4.9.6 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Dec 31, 2014
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available