Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79
Products Affected
| Vendor | Product | Version |
|---|---|---|
| krisonav | krisonav | 0.9.5 |
| krisonav | krisonav | 2.1.5 |
| krisonav | krisonav | 1.1.35 |
| krisonav | krisonav | 1.0.1 |
| krisonav | krisonav | 2.1.3 |
| krisonav | krisonav | 0.9.7 |
| krisonav | krisonav | 0.9.4 |
| krisonav | krisonav | 1.0.0 |
| krisonav | krisonav | 0.9.6 |
| krisonav | krisonav | 3.0.0 |
| krisonav | krisonav | 2.1.6 |
| krisonav | krisonav | 1.0.2 |
| krisonav | krisonav | 2.0.1 |
| krisonav | krisonav | * |
| krisonav | krisonav | 0.9.3 |

Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-352
Products Affected
| Vendor | Product | Version |
|---|---|---|
| krisonav | krisonav | 0.9.5 |
| krisonav | krisonav | 2.1.5 |
| krisonav | krisonav | 1.1.35 |
| krisonav | krisonav | 1.0.1 |
| krisonav | krisonav | 2.1.3 |
| krisonav | krisonav | 0.9.7 |
| krisonav | krisonav | 0.9.4 |
| krisonav | krisonav | 1.0.0 |
| krisonav | krisonav | 0.9.6 |
| krisonav | krisonav | 3.0.0 |
| krisonav | krisonav | 2.1.6 |
| krisonav | krisonav | 1.0.2 |
| krisonav | krisonav | 2.0.1 |
| krisonav | krisonav | * |
| krisonav | krisonav | 0.9.3 |