Security Advisory
CVE-2013-3728
CVE vulnerability detail — eXtreme Datacenter Security Operations
Description
Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 r1232 allows remote authenticated users with permissions to create categories to inject arbitrary web script or HTML via the cat parameter in an admin_new_category action to admin.php.