CVE-2013-3728

Kasseler-cms < 2 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.

Exploits (1)

exploitdb WORKING POC

webappsphp

https://www.exploit-db.com/exploits/26623

View on exploitdb

References (7)

[Various Sources] http://diff.kasseler-cms.net/svn.html

[Patch, Vendor Advisory] http://diff.kasseler-cms.net/svn/patches/1232.html

[Exploit, Third Party Advisory] http://packetstormsecurity.com/files/122282/Kasseler-CMS-2-r1223-CSRF-XSS-SQL-Injection.html

[Exploit] http://seclists.org/bugtraq/2013/Jul/26

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/85408

[Exploit] https://www.htbridge.com/advisory/HTB23158

[Third Party Advisory, VDB Entry] http://osvdb.org/94780

Scores

EPSS 0.0092

EPSS Percentile 75.8%

Details

CWE

CWE-79

Status published

Products (2)

kasseler-cms/kasseler-cms < 2

n/a/n/a

Published Mar 13, 2014

Tracked Since Feb 18, 2026