moziloCMS Prior to 1.10.3 Multiple Vulnerabilities

moziloCMS Prior to 1.10.3 Multiple Vulnerabilities

moziloCMS is prone to multiple vulnerabilities, including a session-fixation issue, multiple directory-traversal issues, and multiple cross-site scripting issues.

An attacker may leverage these issues to view arbitrary local files within the context of the webserver, to execute arbitrary script code in the browser of an unsuspecting user, or to hijack a valid user's session.

Versions prior to moziloCMS 1.10.3 are vulnerable.

UPDATE (September 22, 2009): Further reports indicate that some or all of these issues may have been re-introduced in versions prior to moziloCMS 1.11.2.