VYPR
Unrated severityNVD Advisory· Published May 13, 2013· Updated Jun 16, 2026

CVE-2013-3535

CVE-2013-3535

Description

Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 and 1.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) admin_email, (2) header_title, (3) site_title parameter to admin/settings; (4) recaptcha_private or (5) recaptcha_public parameter to admin/captcha_settings; (6) fb_appid, (7) fp_secret, (8) tw_consumer_key, or (9) tw_consumer_secret parameter to admin/social_settings; (10) slug parameter to admin/gallery/save_item_settings; or (11) item_link parameter to admin/edit_menu_item_ajax. NOTE: this issue might be resultant from CSRF.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • CMSLogik/CMSLogik3 versions
    cpe:2.3:a:themelogik:cmslogik:1.2.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:themelogik:cmslogik:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:themelogik:cmslogik:1.2.1:*:*:*:*:*:*:*
    • (no CPE)range: <=1.2.1

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.

CVE-2013-3535 · VYPR