Description
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by High-Tech Bridge SA · htmlwebappsphp
https://www.exploit-db.com/exploits/33976
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/64570
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/40059
Exploit x_refsource_misc
http://packetstormsecurity.org/1005-exploits/sauruscms-xss.txt
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/xss_in_saurus_cms.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/39773
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/511223/100/0/threaded
Scores
EPSS
0.0080
EPSS Percentile
74.1%
Details
CWE
CWE-79
Status
published
Products (1)
saurus/saurus_cms
4.7.0
Published
May 20, 2010
Tracked Since
Feb 18, 2026