CVE-2008-2987

Description

Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin_edit_submenu.php, (2) admin_new_submenu.php, and (3) admin_edit_topmenu.php in admin/.

Affected products

• benjacms / benja_cms0.1 – 0.1

References

• MISChttp://www.securityfocus.com/archive/1/493568/100/0/threaded
• MISChttp://securityreason.com/securityalert/3958
• VENDOR_ADVISORYhttp://secunia.com/advisories/30834
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/43284
• MISChttp://www.securityfocus.com/bid/29884