CVE-2013-3535
Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.
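The eleven parameters above share one pattern: an admin-only settings value is stored and later written back into an HTML attribute without escaping, so whoever can get a value saved (an authenticated admin, or, per the NOTE, an admin's browser driven by a cross-site request) controls script in every admin page that renders it. The example below is added here and is not CMSLogik's code; it reproduces the pattern in a self-contained Python model. The parameter names come from the advisory; the form templates, the probe string, the `find_unescaped_fields` checker and the `accept_settings_post` token check are constructed for illustration.

```python
import hmac
import html

# Constructed probe: a value that closes the attribute it lands in and
# injects an element. It is chosen so that escaping it is observable.
PROBE = '"><svg onload=alert(1)>'

# Parameter names from the advisory (admin/settings group).
SETTINGS_FIELDS = ("admin_email", "header_title", "site_title")


def render_settings_vulnerable(settings: dict) -> str:
    """Model of a settings form that echoes saved values verbatim.

    This is the defect the advisory describes: the stored value is written
    straight into the value="..." attribute, so a quote in the value ends
    the attribute and the rest becomes markup.
    """
    return "\n".join(
        f'<input type="text" name="{name}" value="{value}">'
        for name, value in settings.items()
    )


def render_settings_fixed(settings: dict) -> str:
    """Same form, with every stored value HTML-escaped (quotes included).

    html.escape(..., quote=True) turns " into &quot; and < into &lt;, so the
    browser treats the whole value as attribute text.
    """
    return "\n".join(
        f'<input type="text" name="{html.escape(name, quote=True)}" '
        f'value="{html.escape(value, quote=True)}">'
        for name, value in settings.items()
    )


def find_unescaped_fields(settings: dict, renderer, probe: str = PROBE) -> list:
    """Save the probe into each field in turn; report fields that echo it raw.

    This is the check a tester runs against a settings page: store a marker,
    reload, and see whether it comes back unchanged. A raw echo means the
    page, not just the parameter, is injectable.
    """
    hits = []
    for name in settings:
        trial = dict(settings)
        trial[name] = probe
        if probe in renderer(trial):
            hits.append(name)
    return hits


def accept_settings_post(form: dict, session_token: str) -> bool:
    """Reject a settings update unless it carries the session's CSRF token.

    The advisory notes the issue may be reachable through CSRF: an attacker
    who cannot log in can still have the admin's browser submit the form.
    A per-session token that the cross-site page cannot read closes that
    route; compare in constant time to avoid leaking it byte by byte.
    """
    sent = form.get("csrf_token", "")
    return bool(session_token) and hmac.compare_digest(sent, session_token)


if __name__ == "__main__":
    # Constructed baseline settings, as an admin might have saved them.
    current = {name: "example" for name in SETTINGS_FIELDS}
    print("vulnerable renderer:", find_unescaped_fields(current, render_settings_vulnerable))
    print("fixed renderer:     ", find_unescaped_fields(current, render_settings_fixed))
    print(accept_settings_post({"site_title": PROBE}, "s3cret"))
```

With the vulnerable renderer every field in the group comes back as injectable; with output escaping none do, and the stored value is still round-tripped intact (the escaped form decodes back to the original text when the form is reloaded). The token check is independent of the escaping fix: escaping stops the script from running, the token stops a third party from planting it in the first place, and a page that ships with only one of the two still has a finding.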
Affected products
n/a

Public PoCs found: 3
- cve_reference: packetstormsecurity.com/files/121303/CMSLogik-1.2.1-Cross-Site-Scripting.html (unverified)
- cve_reference: www.exploit-db.com/exploits/24959 (unverified)
- exploitdb: www.exploit-db.com/exploits/24959 (unverified)

Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://cxsecurity.com/issue/WLB-2013040105
http://osvdb.org/92322
http://osvdb.org/92323
http://osvdb.org/92324
http://osvdb.org/92325
http://osvdb.org/92326
http://packetstormsecurity.com/files/121303/CMSLogik-1.2.1-Cross-Site-Scripting.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/83429
http://www.exploit-db.com/exploits/24959
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5136.php