Unrated severityNVD Advisory· Published Mar 28, 2014· Updated May 6, 2026
CVE-2013-0807
CVE-2013-0807
Description
Cross-site scripting (XSS) vulnerability in the NewSectionPrompt function in include/tool/editing_page.php in gpEasy CMS 3.5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the section parameter in a new_section action to index.php.
Affected products
30cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1:*:*:*:*:*:*+ 29 more
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc1:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc2:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc3:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc4:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:rc5:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:2.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:2.2:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:*:*:*:*:*:*:*:*range: <=3.5.2
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc2:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc3:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.5:rc4:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:1.6:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:2.3:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:2.4:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:3.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:3.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:3.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:3.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:gpeasy:gpeasy_cms:3.5.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- archives.neohapsis.com/archives/bugtraq/2013-01/0104.htmlnvdExploit
- packetstormsecurity.com/files/119805/gpEasy-3.5.2-Cross-Site-Scripting.htmlnvdExploit
- github.com/oyejorge/gpEasy-CMS/commit/40f1b4a5749a621cd27c5ca39900dbcf8701969dnvdExploitPatch
- www.htbridge.com/advisory/HTB23137nvdExploit
- osvdb.org/89536nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/81472nvd
News mentions
0No linked articles in our index yet.