CVE-2011-4709

Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php.  NOTE: some of these details are obtained from third party information.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
hotarusearch_plugin
1.3
hotaruhotaru_cms
1.4.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/46842
http://www.osvdb.org/77095
http://www.zeroscience.mk/codes/hotarucms_xss.txt
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5057.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/71300
https://exchange.xforce.ibmcloud.com/vulnerabilities/71301
https://exchange.xforce.ibmcloud.com/vulnerabilities/71302
http://secunia.com/advisories/46842
http://www.osvdb.org/77095
http://www.zeroscience.mk/codes/hotarucms_xss.txt
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5057.php
https://exchange.xforce.ibmcloud.com/vulnerabilities/71300
https://exchange.xforce.ibmcloud.com/vulnerabilities/71301
https://exchange.xforce.ibmcloud.com/vulnerabilities/71302