Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote malicious users to hijack web sessions by setting the PHPSESSID parameter.
source: wwwsecurityfocuscom/bid/31764/info
Elxis CMS is prone to multiple cross-site scripting and session-fixation vulnerabilities because it fails to sufficiently sanitize user-supplied data The application is also prone to a session-fixation vulnerability
An attacker may leverage these issues to execute arbitrary script code in th ...