CVE-2012-4890

FlatnuX CMS <2011 08.09.2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2011 08.09.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) comment to the news, (2) title to the news, or (3) the folder names in a gallery.

References (7)

[Exploit] http://packetstormsecurity.org/files/111473/Flatnux-CMS-2011-08.09.2-CSRF-XSS-Directory-Traversal.html

[Vendor Advisory] http://secunia.com/advisories/48656

[Vendor Advisory] http://secunia.com/advisories/48676

[Various Sources] http://www.vulnerability-lab.com/get_content.php?id=487

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/52846

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/74566

[Third Party Advisory, VDB Entry] http://www.osvdb.org/80877

Scores

EPSS 0.0052

EPSS Percentile 66.4%

Classification

CWE

CWE-79

Status published

Affected Products (5)

flatnux/flatnux < 2011-08-09-2

flatnux/flatnux

n/a/n/a

Timeline

Published Sep 10, 2012

Tracked Since Feb 18, 2026