CVE-2011-4918 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) task parameter to elxis/index.php and (2) PATH_INFO to elxis/administrator/index.php.

Reference

http://forum.elxis.org/index.php?PHPSESSID=v9i7kgmmb2554ldmlcmbj32ugjd0ngpc&topic=5144.msg43327msg43327
http://secunia.com/advisories/47073
http://www.openwall.com/lists/oss-security/2011/12/31/2
http://www.osvdb.org/77563
http://www.osvdb.org/77564
http://www.securityfocus.com/archive/1/520748/100/0/threaded
http://www.securityfocus.com/bid/50910
https://exchange.xforce.ibmcloud.com/vulnerabilities/71648
