Kajona
Monthly
Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.
Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.
Multiple cross-site scripting (XSS) vulnerabilities in the getAllPassedParams function in system/functions.php in Kajona before 3.4.2 allow remote attackers to inject arbitrary web script or HTML via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.