CVE-2014-9522

Published: Jan 5, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.

Affected (1)

Products: Papoo: Cms Papoo Light

Papoo

1 product

Cms Papoo Light

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Papoo Cms Papoo Light	Version 6.0.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (12)

http://osvdb.org/show/osvdb/115944

Source: cve@mitre.org

http://packetstormsecurity.com/files/129586/CMS-Papoo-6.0.0-Revision-4701-Cross-Site-Scripting.html

Source: cve@mitre.org

Exploit

http://sroesemann.blogspot.de/2014/12/bericht-zu-advisory-sroeadv-2014-01.html

Source: cve@mitre.org

Exploit

http://www.exploit-db.com/exploits/35551

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/534243/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/71676

Source: cve@mitre.org

http://osvdb.org/show/osvdb/115944