CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2010-2717
https://notcve.org/view.php?id=CVE-2010-2717
Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter. Vulnerabilidad de ejecución de secuencias de comandos en sitios cruzados (XSS) manager/login.php de CruxSoftware CruxCMS v3.0, y posiblemente versiones anteriores, permite a atacantes remotos inyectar código web o HTML de su elección a través del parámetro "txtusername". • http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxcms_1.html http://www.securityfocus.com/archive/1/512245/100/0/threaded http://www.vupen.com/english/advisories/2010/1708 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-0700 – CruxCMS 3.0 - 'search.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2008-0700
Cross-site scripting (XSS) vulnerability in search.php in Crux Software CruxCMS 3.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en search.php de Crux Software CruxCMS 3.0 permite a atacantes remotos inyectar web script o HTML de su elección a través del parámetro search. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos a partir de la información de terceros. • https://www.exploit-db.com/exploits/31097 http://downloads.securityfocus.com/vulnerabilities/exploits/27588.html http://www.securityfocus.com/bid/27588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •