Multiple cross-site scripting (XSS) vulnerabilities in statistics.php in Content Management Made Easy (CMME) 1.12 allow remote malicious users to inject arbitrary web script or HTML via the (1) page and (2) year parameters in an hstat_year action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
hans oesterholt cmme 1.12 |