CVE-2011-5255
Severity CVSS v4.0:
Pending analysis
Type:
CWE-79
Cross-Site Scripting (XSS)
Publication date:
31/01/2013
Last modified:
11/04/2025
Description
Multiple cross-site scripting (XSS) vulnerabilities in admin/login in X3 CMS 0.4.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, (2) username, or (3) password parameter.
Impact
Base Score 2.0
4.30
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:x3cms:x3_cms:*:*:*:*:*:*:*:* | 0.4.3.1 (including) | |
| cpe:2.3:a:x3cms:x3_cms:0.4:rc2:*:*:*:*:*:* | ||
| cpe:2.3:a:x3cms:x3_cms:0.4.0.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:x3cms:x3_cms:0.4.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:x3cms:x3_cms:0.4.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:x3cms:x3_cms:0.4.2.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0066.html
- http://osvdb.org/78220
- http://secunia.com/advisories/46748
- http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt
- http://www.securityfocus.com/bid/51346
- http://www.x3cms.net/en/news/article/dae363948eb4b27f8b02a84ca054c3fc/release_0.4.3.1
- http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977
- http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/984
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72279
- http://archives.neohapsis.com/archives/bugtraq/2012-01/0066.html
- http://osvdb.org/78220
- http://secunia.com/advisories/46748
- http://www.infoserve.de/system/files/advisories/INFOSERVE-ADV2011-04.txt
- http://www.securityfocus.com/bid/51346
- http://www.x3cms.net/en/news/article/dae363948eb4b27f8b02a84ca054c3fc/release_0.4.3.1
- http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/977
- http://x3cms.bzr.sourceforge.net/bzr/x3cms/revision/984
- https://exchange.xforce.ibmcloud.com/vulnerabilities/72279