CVE-2017-11180

Name of the Vulnerable Software and Affected Versions FineCMS through 2017-07-11

Description The issue concerns stored XSS in the logging functionality. This can be triggered by an XSS payload in the User-Agent header of an HTTP request or the username entered on the login screen.

Recommendations For FineCMS through 2017-07-11, consider disabling the logging functionality temporarily to mitigate the risk of exploitation. Restrict access to the login screen and limit the ability to inject malicious code into the User-Agent header or username field until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.