Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php.
References
Link | Resource |
---|---|
https://www.htbridge.com/advisory/HTB22976 | Exploit |
Configurations
Information
Published : 2015-01-01 03:59
Updated : 2015-01-02 16:36
NVD link : CVE-2011-5299
Mitre link : CVE-2011-5299
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
pommo
- pommo-ardvark