CVE-2013-3920

Jahia Xcm < 6.6.1 - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.

References (1)

[Exploit] https://www.navixia.com/blog/entry/navixia-finds-critical-vulnerabilities-in-jahia-cve-2013-3920-cve-2013-4617.html

Scores

EPSS 0.0016

EPSS Percentile 36.5%

Details

CWE

CWE-79

Status published

Products (2)

jahia/jahia_xcm < 6.6.1

n/a/n/a

Published Nov 27, 2013

Tracked Since Feb 18, 2026