MidnightBSD

Advisories for x3cms

CVE-2014-8771 MEDIUM

Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
x3cms x3_cms 0.5.1.1
x3cms x3_cms 0.5.1
CVE-2014-8772 LOW

Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
x3cms x3_cms 0.5.1.1
x3cms x3_cms 0.5.1