Description
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kasseler CMS 1.3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) do, (2) id, and (3) uname parameters.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Gamoscu · textwebappsphp
https://www.exploit-db.com/exploits/33424
References (3)
Core 3
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/37435
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/10581
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/54953
Scores
EPSS
0.0050
EPSS Percentile
66.0%
Details
CWE
CWE-79
Status
published
Products (1)
kasseler-cms/kasseler_cms
1.3.4
Published
Apr 27, 2010
Tracked Since
Feb 18, 2026