Published: 28/03/2014 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and previous versions allows remote malicious users to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gpeasy gpeasy cms 1.5
gpeasy gpeasy cms 1.6.1
gpeasy gpeasy cms 1.6.2
gpeasy gpeasy cms 2.3.2
gpeasy gpeasy cms 2.3.3
gpeasy gpeasy cms 2.4
gpeasy gpeasy cms 3.5
gpeasy gpeasy cms 3.5.1
gpeasy gpeasy cms 1.6
gpeasy gpeasy cms 2.3
gpeasy gpeasy cms 2.3.1
gpeasy gpeasy cms 3.0.4
gpeasy gpeasy cms 3.0.5
gpeasy gpeasy cms 1.6.3
gpeasy gpeasy cms 2.0.1
gpeasy gpeasy cms 3.0
gpeasy gpeasy cms 3.0.1
gpeasy gpeasy cms
gpeasy gpeasy cms 2.1
gpeasy gpeasy cms 2.2
gpeasy gpeasy cms 3.0.2
gpeasy gpeasy cms 3.0.3

source: wwwsecurityfocuscom/bid/57522/info gpEasy CMS is prone to a cross-site scripting vulnerability because it fails to sanitize user-supplied input An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site This may allow the attacker to steal cook ...

gpEasy versions 352 and below suffer from a cross site scripting vulnerability ...

CWE-79 http://packetstormsecurity.com/files/119805/gpEasy-3.5.2-Cross-Site-Scripting.html https://www.htbridge.com/advisory/HTB23137 http://osvdb.org/89536 http://archives.neohapsis.com/archives/bugtraq/2013-01/0104.html https://github.com/oyejorge/gpEasy-CMS/commit/40f1b4a5749a621cd27c5ca39900dbcf8701969d https://exchange.xforce.ibmcloud.com/vulnerabilities/81472 https://nvd.nist.gov https://www.exploit-db.com/exploits/38236/

CVE-2013-0807

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect