vendor:
ConPresso CMS
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-site scripting, Cross-domain scripting, Session-fixation
79, 80, 384
CWE
Product Name: ConPresso CMS
Affected Version From: 04.07
Affected Version To: 04.07
Patch Exists: YES
Related CWE: N/A
CPE: a:conpresso:conpresso_cms
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
ConPresso CMS Multiple Remote Vulnerabilities
ConPresso CMS is prone to multiple remote vulnerabilities, including cross-site scripting, cross-domain scripting, and session-fixation vulnerabilities. An attacker can exploit these issues to execute arbitrary script code within the context of the affected browser or within the context of another frame, steal cookie-based authentication credentials, hijack a user's session, and gain unauthorized access to the affected application. Other attacks are also possible.
Mitigation:
Apply the latest security patches from the vendor and ensure that all users are using strong passwords.