CVE-2013-5108

RockMongo <1.1.5 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the xn function in RockMongo 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) db parameter on the login page or (2) username parameter in a login.index action to index.php and other unspecified parameters.

References (3)

Scores

EPSS 0.0094
EPSS Percentile 76.0%

Details

CWE
CWE-79
Status published
Products (19)
rockmongo/rockmongo < 1.1.5
rockmongo/rockmongo
rockmongo/rockmongo
rockmongo/rockmongo
rockmongo/rockmongo
rockmongo/rockmongo
rockmongo/rockmongo
rockmongo/rockmongo
rockmongo/rockmongo
rockmongo/rockmongo
... and 9 more
Published Dec 05, 2013
Tracked Since Feb 18, 2026