Unrated severityNVD Advisory· Published Jan 1, 2015· Updated Jun 16, 2026
CVE-2011-5299
CVE-2011-5299
Description
Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter to admin/setup/config/general.php, (3) the group_name parameter to admin/subscribers/subscribers_groups.php, or (4) the field_name parameter to admin/setup/setup_fields.php.
Affected products
2cpe:2.3:a:pommo:pommo-ardvark:pr16.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:pommo:pommo-ardvark:pr16.1:*:*:*:*:*:*:*
- (no CPE)range: = PR16.1
Patches
Vulnerability mechanics
References
1- www.htbridge.com/advisory/HTB22976nvdExploit
News mentions
0No linked articles in our index yet.