CVE-2011-4918

Elxis Cms - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php, and (2) PATH_INFO to elxis/administrator/index.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Ewerson Guimaraes · textwebappsphp
https://www.exploit-db.com/exploits/36407
exploitdb WORKING POC VERIFIED
by Ewerson Guimaraes · textwebappsphp
https://www.exploit-db.com/exploits/36406

References (8)

Scores

EPSS 0.0100
EPSS Percentile 76.7%

Classification

CWE
CWE-79
Status published

Affected Products (3)

elxis/elxis_cms
elxis/elxis_cms
n/a/n/a

Timeline

Published Aug 29, 2012
Tracked Since Feb 18, 2026