PT-2011-5188 · Pulse · Pulse Pro Cms

Published

2011-12-30

Updated

2017-08-29

CVE-2011-5041

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Pulse Pro CMS version 1.7.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities can be exploited via the d parameter in a "blocks" action and the post id parameter in an "edit-post" action to "index.php".

Recommendations For Pulse Pro CMS version 1.7.2, consider disabling the "blocks" and "edit-post" actions in index.php until a patch is available. Restrict access to the d and post id parameters to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2011-5041

Affected Products

Pulse Pro Cms

PT-2011-5188 · Pulse · Pulse Pro Cms

CVE-2011-5041

Weakness Enumeration

Related Identifiers

Affected Products

References · 7