CVE-2013-4759 Information

Description

Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username (2) fullname or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-07/0160.html http://osvdb.org/95628 http://packetstormsecurity.com/files/122527/Magnolia-CMS-5.0.1-Community-Edition-Cross-Site-Scripting.html http://www.securityfocus.com/bid/61423 https://exchange.xforce.ibmcloud.com/vulnerabilities/85940 https://www.htbridge.com/advisory/HTB23163