PT-2008-4597 · Contentnow · Contentnow Cms
Published
2008-07-15
·
Updated
2017-09-29
·
CVE-2008-3180
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
ContentNow CMS version 1.4.1
Description:
The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. The injection can occur via the
pageid parameter or PATH INFO.Recommendations:
For ContentNow CMS version 1.4.1, consider restricting access to the upload/file/language menu.php file until a patch is available. As a temporary workaround, avoid using the
pageid parameter in the affected endpoint.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Contentnow Cms