CVE-2011-4340
CVE-2011-4340
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.2.3 and possibly other versions before 2.2.4 allow remote authenticated users with Author privileges to inject arbitrary web script or HTML via (1) the profile parameter to extensions/profiledevkit/content/content.profile.php, as demonstrated via requests to (a) the default URI, (b) about/, or (c) drafts/; or (2) the filter parameter in symphony/lib/core/class.symphony.php, as demonstrated via requests to (d) symphony/publish/comments or (e) symphony/publish/images. NOTE: some of these details are obtained from third party information.
Productos afectados
n/a · n/aPoCs públicas encontradas — 2
cve_referencepacketstormsecurity.org/files/view/106493/symphonycms-sqlxss.txtno verificadoexploitdbwww.exploit-db.com/exploits/36280no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://packetstormsecurity.org/files/view/106493/symphonycms-sqlxss.txthttp://seclists.org/bugtraq/2011/Nov/8http://secunia.com/advisories/46663https://exchange.xforce.ibmcloud.com/vulnerabilities/71106http://symphony-cms.com/download/releases/version/2.2.4/http://www.mavitunasecurity.com/xss-and-sql-injection-vulnerabilities-in-symphony-cms/http://www.openwall.com/lists/oss-security/2011/11/22/9http://www.osvdb.org/76882http://www.osvdb.org/76883