CVE - CVE-2011-3835

CVE-ID
CVE-2011-3835	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow remote attackers to inject arbitrary web script or HTML via the Referer header to (1) admin/login.php and (2) admin/404.php; the (3) q parameter to search.php; the (4) theme_name parameter to theme_settings.php, (5) extension_name parameter to extension_settings.php, (6) q parameter to search.php, (7) type parameter to comments.php, sort parameter to (8) pages.php and (9) posts.php, and the (10) type and (11) q parameter to media.php in admin/; the sidebar parameter to (12) add_widget.php and (13) widgets.php, id parameter to (14) category_delete.php, (15) comment.php, (16) page_delete.php, and (17) post_delete.php, (18) type parameter to media.php, and (19) id and (20) sidebar parameter to widget_delete.php in mobile/; and the (21) name, (22) email, (23) website, and (24) comment parameters to index.php; and the (25) username parameter to admin/login.php.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:http://secunia.com/secunia_research/2011-84/ MISC:http://secunia.com/secunia_research/2011-86/ OSVDB:77914 URL:~~http://osvdb.org/77914~~ (Obsolete source) OSVDB:77920 URL:~~http://osvdb.org/77920~~ (Obsolete source) OSVDB:77921 URL:~~http://osvdb.org/77921~~ (Obsolete source) OSVDB:77922 URL:~~http://osvdb.org/77922~~ (Obsolete source) OSVDB:77923 URL:~~http://osvdb.org/77923~~ (Obsolete source) OSVDB:77924 URL:~~http://osvdb.org/77924~~ (Obsolete source) OSVDB:77925 URL:~~http://osvdb.org/77925~~ (Obsolete source) OSVDB:77926 URL:~~http://osvdb.org/77926~~ (Obsolete source) OSVDB:77927 URL:~~http://osvdb.org/77927~~ (Obsolete source) OSVDB:77928 URL:~~http://osvdb.org/77928~~ (Obsolete source) OSVDB:77929 URL:~~http://osvdb.org/77929~~ (Obsolete source) OSVDB:77930 URL:~~http://osvdb.org/77930~~ (Obsolete source) OSVDB:77931 URL:~~http://osvdb.org/77931~~ (Obsolete source) OSVDB:77932 URL:~~http://osvdb.org/77932~~ (Obsolete source) OSVDB:77933 URL:~~http://osvdb.org/77933~~ (Obsolete source) OSVDB:77934 URL:~~http://osvdb.org/77934~~ (Obsolete source) OSVDB:77935 URL:~~http://osvdb.org/77935~~ (Obsolete source) OSVDB:77936 URL:~~http://osvdb.org/77936~~ (Obsolete source) OSVDB:77937 URL:~~http://osvdb.org/77937~~ (Obsolete source) OSVDB:77938 URL:~~http://osvdb.org/77938~~ (Obsolete source) SECUNIA:46163 URL:http://secunia.com/advisories/46163 XF:wuzly-login-xss(71902) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71902 XF:wuzly-multiple-xss(71899) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71899 XF:wuzly-referer-header-xss(71906) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/71906
Assigning CNA
Flexera Software LLC
Date Record Created
20110926	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20110926)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)