Search

Find a vulnerability

Search criteria

    8 vulnerabilities by kajona

    CVE-2015-0917 (GCVE-0-2015-0917)

    Vulnerability from nvd – Published: 2015-01-08 15:00 – Updated: 2024-09-17 04:25
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html"
              },
              {
                "name": "20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Jan/11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-01-08T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html"
            },
            {
              "name": "20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Jan/11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-0917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html"
                },
                {
                  "name": "20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Jan/11"
                },
                {
                  "name": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html"
                },
                {
                  "name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html",
                  "refsource": "MISC",
                  "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html"
                },
                {
                  "name": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-0917",
        "datePublished": "2015-01-08T15:00:00.000Z",
        "dateReserved": "2015-01-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:25:00.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4743 (GCVE-0-2014-4743)

    Vulnerability from nvd – Published: 2014-07-09 14:00 – Updated: 2024-08-06 11:27
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/kajona/kajonacms/commit/4a07f9… x_refsource_CONFIRM
    http://secunia.com/advisories/59540 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/68498 vdb-entryx_refsource_BID
    http://www.kajona.de/en/Development/Changelog/Cha… x_refsource_CONFIRM
    Date Public
    2014-06-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:36.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180"
              },
              {
                "name": "59540",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59540"
              },
              {
                "name": "68498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68498"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-29T18:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180"
            },
            {
              "name": "59540",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59540"
            },
            {
              "name": "68498",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68498"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4743",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180"
                },
                {
                  "name": "59540",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59540"
                },
                {
                  "name": "68498",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68498"
                },
                {
                  "name": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4743",
        "datePublished": "2014-07-09T14:00:00.000Z",
        "dateReserved": "2014-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:27:36.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4742 (GCVE-0-2014-4742)

    Vulnerability from nvd – Published: 2014-07-09 14:00 – Updated: 2024-09-16 20:03
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:36.872Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3"
              },
              {
                "name": "59540",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59540"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netsparker.com/critical-xss-vulnerability-in-kajonacms"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-09T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3"
            },
            {
              "name": "59540",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59540"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netsparker.com/critical-xss-vulnerability-in-kajonacms"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4742",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3"
                },
                {
                  "name": "59540",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59540"
                },
                {
                  "name": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
                },
                {
                  "name": "https://www.netsparker.com/critical-xss-vulnerability-in-kajonacms",
                  "refsource": "MISC",
                  "url": "https://www.netsparker.com/critical-xss-vulnerability-in-kajonacms"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4742",
        "datePublished": "2014-07-09T14:00:00.000Z",
        "dateReserved": "2014-07-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:03:12.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3805 (GCVE-0-2012-3805)

    Vulnerability from nvd – Published: 2012-07-12 19:00 – Updated: 2024-09-16 19:30
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:21:03.684Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "49849",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49849"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kajona.de/changelog_34x.de.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23097"
              },
              {
                "name": "20120711 Multiple Cross-Site Scripting (XSS) in Kajona",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-07-12T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "49849",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49849"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kajona.de/changelog_34x.de.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23097"
            },
            {
              "name": "20120711 Multiple Cross-Site Scripting (XSS) in Kajona",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-3805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "49849",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49849"
                },
                {
                  "name": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html"
                },
                {
                  "name": "http://www.kajona.de/changelog_34x.de.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.kajona.de/changelog_34x.de.html"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23097",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23097"
                },
                {
                  "name": "20120711 Multiple Cross-Site Scripting (XSS) in Kajona",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-3805",
        "datePublished": "2012-07-12T19:00:00.000Z",
        "dateReserved": "2012-06-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:35.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-0917 (GCVE-0-2015-0917)

    Vulnerability from cvelistv5 – Published: 2015-01-08 15:00 – Updated: 2024-09-17 04:25
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T04:26:11.427Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html"
              },
              {
                "name": "20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6",
                "tags": [
                  "mailing-list",
                  "x_refsource_FULLDISC",
                  "x_transferred"
                ],
                "url": "http://seclists.org/fulldisclosure/2015/Jan/11"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-01-08T15:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html"
            },
            {
              "name": "20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6",
              "tags": [
                "mailing-list",
                "x_refsource_FULLDISC"
              ],
              "url": "http://seclists.org/fulldisclosure/2015/Jan/11"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-0917",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html",
                  "refsource": "MISC",
                  "url": "http://packetstormsecurity.com/files/129826/Kajona-CMS-4.6-Cross-Site-Scripting.html"
                },
                {
                  "name": "20150106 Reflecting XSS vulnerability in CMS Kajona v. 4.6",
                  "refsource": "FULLDISC",
                  "url": "http://seclists.org/fulldisclosure/2015/Jan/11"
                },
                {
                  "name": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html",
                  "refsource": "CONFIRM",
                  "url": "https://www.kajona.de/de/News/newsdetails.Security-update-to-module-system.newsDetail.22ac42054aa88a07826c.html"
                },
                {
                  "name": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html",
                  "refsource": "MISC",
                  "url": "http://sroesemann.blogspot.de/2015/01/report-for-advisory-sroeadv-2015-01.html"
                },
                {
                  "name": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/kajona/kajonacms/commit/563d39c327606232e480602f7b36ea6cb31bc6f7"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-0917",
        "datePublished": "2015-01-08T15:00:00.000Z",
        "dateReserved": "2015-01-08T00:00:00.000Z",
        "dateUpdated": "2024-09-17T04:25:00.288Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4742 (GCVE-0-2014-4742)

    Vulnerability from cvelistv5 – Published: 2014-07-09 14:00 – Updated: 2024-09-16 20:03
    VLAI
    Summary
    Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:36.872Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3"
              },
              {
                "name": "59540",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59540"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.netsparker.com/critical-xss-vulnerability-in-kajonacms"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2014-07-09T14:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3"
            },
            {
              "name": "59540",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59540"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.netsparker.com/critical-xss-vulnerability-in-kajonacms"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4742",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/kajona/kajonacms/commit/8f1b18150cc2a8f27c96d9c4f94a81022fbb61e3"
                },
                {
                  "name": "59540",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59540"
                },
                {
                  "name": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
                },
                {
                  "name": "https://www.netsparker.com/critical-xss-vulnerability-in-kajonacms",
                  "refsource": "MISC",
                  "url": "https://www.netsparker.com/critical-xss-vulnerability-in-kajonacms"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4742",
        "datePublished": "2014-07-09T14:00:00.000Z",
        "dateReserved": "2014-07-09T00:00:00.000Z",
        "dateUpdated": "2024-09-16T20:03:12.544Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2014-4743 (GCVE-0-2014-4743)

    Vulnerability from cvelistv5 – Published: 2014-07-09 14:00 – Updated: 2024-08-06 11:27
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/kajona/kajonacms/commit/4a07f9… x_refsource_CONFIRM
    http://secunia.com/advisories/59540 third-party-advisoryx_refsource_SECUNIA
    http://www.securityfocus.com/bid/68498 vdb-entryx_refsource_BID
    http://www.kajona.de/en/Development/Changelog/Cha… x_refsource_CONFIRM
    Date Public
    2014-06-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T11:27:36.866Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180"
              },
              {
                "name": "59540",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/59540"
              },
              {
                "name": "68498",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/68498"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2014-06-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2015-04-29T18:57:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180"
            },
            {
              "name": "59540",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/59540"
            },
            {
              "name": "68498",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/68498"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2014-4743",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/kajona/kajonacms/commit/4a07f949c171da6aa9a6e6c19421b0df16297180"
                },
                {
                  "name": "59540",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/59540"
                },
                {
                  "name": "68498",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/68498"
                },
                {
                  "name": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.kajona.de/en/Development/Changelog/Changelog-V4-5/changelog_45.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2014-4743",
        "datePublished": "2014-07-09T14:00:00.000Z",
        "dateReserved": "2014-07-09T00:00:00.000Z",
        "dateUpdated": "2024-08-06T11:27:36.866Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2012-3805 (GCVE-0-2012-3805)

    Vulnerability from cvelistv5 – Published: 2012-07-12 19:00 – Updated: 2024-09-16 19:30
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module. NOTE: some of these details are obtained from third party information.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T20:21:03.684Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "49849",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/49849"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.kajona.de/changelog_34x.de.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.htbridge.com/advisory/HTB23097"
              },
              {
                "name": "20120711 Multiple Cross-Site Scripting (XSS) in Kajona",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module.  NOTE: some of these details are obtained from third party information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2012-07-12T19:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "49849",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/49849"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.kajona.de/changelog_34x.de.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://www.htbridge.com/advisory/HTB23097"
            },
            {
              "name": "20120711 Multiple Cross-Site Scripting (XSS) in Kajona",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2012-3805",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) absender_name, (2) absender_email, or (3) absender_nachricht parameter to the content page; (4) comment_name, (5) comment_subject, or (6) comment_message parameter to the postacomment module; (7) module parameter to index.php; (8) action parameter to the admin login page; (9) pv or (10) pe parameter in a list action to the user module; (11) user_username, (12) user_email, (13) user_forename, (14) user_name, (15) user_street, (16) user_postal, (17) user_city, (18) user_tel, or (19) user_mobil parameter in a newUser action to the user module; (20) group_name or (21) group_desc parameter in a groupNew action to the user module; (22) name, (23) browsername, (24) seostring, (25) keywords, or (26) folder_id parameter in a newPage action to the pages module; (27) element_name or (28) element_cachetime parameter in a newElement action in the pages module; (29) aspect_name parameter in a newAspect action in the system module; (30) filemanager_name, (31) filemanager_path, (32) filemanager_upload_filter, or (33) filemanager_view_filter parameter in a NewRepo action to the filemanager module; or (34) archive_title or (35) archive_path parameter in a newArchive action to the downloads module.  NOTE: some of these details are obtained from third party information."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "49849",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/49849"
                },
                {
                  "name": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.kajona.de/newsdetails.Kajona-V3-4-2-available.newsDetail.616decb4fe9b7a5929fb.en.html"
                },
                {
                  "name": "http://www.kajona.de/changelog_34x.de.html",
                  "refsource": "CONFIRM",
                  "url": "http://www.kajona.de/changelog_34x.de.html"
                },
                {
                  "name": "https://www.htbridge.com/advisory/HTB23097",
                  "refsource": "MISC",
                  "url": "https://www.htbridge.com/advisory/HTB23097"
                },
                {
                  "name": "20120711 Multiple Cross-Site Scripting (XSS) in Kajona",
                  "refsource": "BUGTRAQ",
                  "url": "http://archives.neohapsis.com/archives/bugtraq/2012-07/0058.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2012-3805",
        "datePublished": "2012-07-12T19:00:00.000Z",
        "dateReserved": "2012-06-27T00:00:00.000Z",
        "dateUpdated": "2024-09-16T19:30:35.808Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }