MidnightBSD

Advisories for krisonav

CVE-2013-2712 MEDIUM

Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
krisonav krisonav 0.9.5
krisonav krisonav 2.1.5
krisonav krisonav 1.1.35
krisonav krisonav 1.0.1
krisonav krisonav 2.1.3
krisonav krisonav 0.9.7
krisonav krisonav 0.9.4
krisonav krisonav 1.0.0
krisonav krisonav 0.9.6
krisonav krisonav 3.0.0
krisonav krisonav 2.1.6
krisonav krisonav 1.0.2
krisonav krisonav 2.0.1
krisonav krisonav *
krisonav krisonav 0.9.3

CVE-2013-2713 MEDIUM

Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
krisonav krisonav 0.9.5
krisonav krisonav 2.1.5
krisonav krisonav 1.1.35
krisonav krisonav 1.0.1
krisonav krisonav 2.1.3
krisonav krisonav 0.9.7
krisonav krisonav 0.9.4
krisonav krisonav 1.0.0
krisonav krisonav 0.9.6
krisonav krisonav 3.0.0
krisonav krisonav 2.1.6
krisonav krisonav 1.0.2
krisonav krisonav 2.0.1
krisonav krisonav *
krisonav krisonav 0.9.3