Description
Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF).
Affected products
- astalavista_it_engineering / contrexx 1.0.8
- astalavista_it_engineering / contrexx 1.0.4 – 1.0.4
- astalavista_it_engineering / contrexx 1.0.5 – 1.0.5
- astalavista_it_engineering / contrexx 1.0.7 – 1.0.7
References
- MISC: http://soot.shabgard.org/Contrexx-CMS.txt
- MISC: http://securityreason.com/securityalert/599
- MISC: http://www.contrexx.com/?section=media1&act=download&path=/media/archive1/Opensource/Bugfixes/contrexx_1.0.8/&file=contrexx_v1.0.8_bugfix_27-02-06.zip
- MISC: http://www.contrexx.com/?section=news&cmd=details&newsid=54
- MISC: http://www.securityfocus.com/archive/1/428075/100/0/threaded
- VENDOR_ADVISORY: http://www.vupen.com/english/advisories/2006/1013
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/25332
- VENDOR_ADVISORY: http://secunia.com/advisories/19294
- MISC: http://www.securityfocus.com/bid/17128