CVE-2015-1422

CVSS V2 Medium 4.3 CVSS V3 None
Description
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.
Overview
  • CVE ID
  • CVE-2015-1422
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2015-01-29T15:59:01
  • Last Modified Date
  • 2017-09-08T01:29:48
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:jakweb:gecko_cms:2.2:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:jakweb:gecko_cms:2.3:*:*:*:*:*:*:* 1 OR
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:M/Au:N/C:N/I:P/A:N
  • Access Vector
  • NETWORK
  • Access Compatibility
  • MEDIUM
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • PARTIAL
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Severity
  • MEDIUM
  • Exploitability Score
  • 8.6
  • Impact Score
  • 2.9
References
Reference URL Reference Tags
http://packetstormsecurity.com/files/129929/Gecko-CMS-2.2-2.3-CSRF-XSS-SQL-Injection.html Exploit
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5222.php Exploit
http://www.exploit-db.com/exploits/35767 Exploit
http://osvdb.org/show/osvdb/116969
http://osvdb.org/show/osvdb/116970
http://osvdb.org/show/osvdb/116967
https://exchange.xforce.ibmcloud.com/vulnerabilities/99977
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2015-1422
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1422
History
Created Old Value New Value Data Type Notes
2022-05-10 08:39:00 Added to TrackCVE
2022-12-02 03:21:56 2015-01-29T15:59Z 2015-01-29T15:59:01 CVE Published Date updated
2022-12-02 03:21:56 2017-09-08T01:29:48 CVE Modified Date updated
2022-12-02 03:21:56 Modified Vulnerability Status updated