Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in razorCMS prior to 0.4 allow remote malicious users to inject arbitrary web script or HTML via (1) the slab parameter in an edit action, (2) the catname parameter in a showcats action, and (3) the cat parameter in a reordercat action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
razorcms razorcms |
||
razorcms razorcms 0.2 |