← Back

CVE-2013-1466

nvd nist
Published: Feb 5, 2014Modified: Apr 29, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:N/I:P/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) state, (7) title, (8) url, or (9) zipcode parameter to calendar/index.php; (10) title or (11) url parameter to links/index.php; or (12) PATH_INFO to admin/plugins/mediagallery/xppubwiz.php/.

Affected (44)

Products: Glfusion: Glfusion
Glfusion
1 product
Glfusion
Configuration A
44 vulnerable
Vulnerable SoftwareAffected Versions
Glfusion
Glfusion
Up to 1.2.2.pl3
Glfusion
Version 1.0.0
Glfusion
Version 1.0.0 rc1
Glfusion
Version 1.0.0 rc2
Glfusion
Version 1.0.1
Glfusion
Version 1.0.2
Glfusion
Version 1.1.0
Glfusion
Version 1.1.0 rc1
Glfusion
Version 1.1.1
Glfusion
Version 1.1.2
Glfusion
Version 1.1.3
Glfusion
Version 1.1.4.pl1
Glfusion
Version 1.1.4.pl2
Glfusion
Version 1.1.4.pl3
Glfusion
Version 1.1.4.pl4
Glfusion
Version 1.1.4
Glfusion
Version 1.1.5.pl1
Glfusion
Version 1.1.5.pl2
Glfusion
Version 1.1.5.pl3
Glfusion
Version 1.1.5
Glfusion
Version 1.1.6.pl1
Glfusion
Version 1.1.6.pl2
Glfusion
Version 1.1.6.pl3
Glfusion
Version 1.1.6.pl4
Glfusion
Version 1.1.6
Glfusion
Version 1.1.7
Glfusion
Version 1.1.8.pl1
Glfusion
Version 1.1.8.pl2
Glfusion
Version 1.1.8.pl3
Glfusion
Version 1.1.8.pl4
Glfusion
Version 1.1.8.pl5
Glfusion
Version 1.1.8.pl6
Glfusion
Version 1.1.8
Glfusion
Version 1.2.0.pl1
Glfusion
Version 1.2.0.pl2
Glfusion
Version 1.2.0.pl3
Glfusion
Version 1.2.0.pl4
Glfusion
Version 1.2.0.pl5
Glfusion
Version 1.2.0.pl6
Glfusion
Version 1.2.0.pl7
Glfusion
Version 1.2.0
Glfusion
Version 1.2.2.pl1
Glfusion
Version 1.2.2.pl2
Glfusion
Version 1.2.2

Related CWEs

CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (14)

Source: cve@mitre.org
Source: cve@mitre.org
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.