Description
Multiple cross-site scripting (XSS) vulnerabilities in the comment feature in Skeletonz CMS 1.0, when the Blog plugin is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Website, and (3) Email parameters. NOTE: some of these details are obtained from third party information.
Exploits (1)
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45081
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/69514
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8081
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/96151/skeletonzcms-xss.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42385
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15625
Scores
EPSS
0.0048
EPSS Percentile
65.3%
Details
CWE
CWE-79
Status
published
Products (1)
amix/skeletonz_cms_1.0
Published
Feb 16, 2011
Tracked Since
Feb 18, 2026