CVE-2009-4209 – moziloCMS 1.11 - Local File Inclusion / Full Path Disclosure / Cross-Site Scripting

https://notcve.org/view.php?id=CVE-2009-4209

04 Dec 2009 — Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php in moziloCMS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) file parameters in an editsite action, different vectors than CVE-2008-6127 and CVE-2009-1367. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en admin/index.php de moziloCMS 1.11.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección mediante los parámetros (1) "cat" y (... • https://www.exploit-db.com/exploits/8394 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •