CVE-2013-4759

Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
magnolia-cmsmagnolia_form_module
1.4
magnolia-cmsmagnolia_form_module
1.4.1
magnolia-cmsmagnolia_form_module
1.4.2
magnolia-cmsmagnolia_form_module
1.4.3
magnolia-cmsmagnolia_form_module
1.4.4
magnolia-cmsmagnolia_form_module
1.4.5
magnolia-cmsmagnolia_form_module
1.4.6
magnolia-cmsmagnolia_form_module
2.0
magnolia-cmsmagnolia_form_module
2.0.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://archives.neohapsis.com/archives/bugtraq/2013-07/0160.html
http://osvdb.org/95628
http://packetstormsecurity.com/files/122527/Magnolia-CMS-5.0.1-Community-Edition-Cross-Site-Scripting.html
http://www.securityfocus.com/bid/61423
https://exchange.xforce.ibmcloud.com/vulnerabilities/85940
https://www.htbridge.com/advisory/HTB23163
http://archives.neohapsis.com/archives/bugtraq/2013-07/0160.html
http://osvdb.org/95628
http://packetstormsecurity.com/files/122527/Magnolia-CMS-5.0.1-Community-Edition-Cross-Site-Scripting.html
http://www.securityfocus.com/bid/61423
https://exchange.xforce.ibmcloud.com/vulnerabilities/85940
https://www.htbridge.com/advisory/HTB23163