Multiple cross-site scripting (XSS) vulnerabilities in (1) search_ajax.tpl and (2) search_ajax_small.tpl in templates/default/tpl/module_search/ in the Search module (module_search) in Kajona before 4.5 allow remote attackers to inject arbitrary web script or HTML via the search parameter.
Max CVSS
4.3
EPSS Score
0.21%
Published
2014-07-09
Updated
2015-10-06
Cross-site scripting (XSS) vulnerability in system/class_link.php in the System module (module_system) in Kajona before 4.5 allows remote attackers to inject arbitrary web script or HTML via the systemid parameter in a mediaFolder action to index.php.
Max CVSS
4.3
EPSS Score
0.25%
Published
2014-07-09
Updated
2014-07-10
2 vulnerabilities found