PT-2017-11820 · Finecms · Finecms
Lorexxar · Published 2017-07-13 · Updated 2017-07-16 · CVE-2017-11202
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
FineCMS through 2017-07-12
Description
The issue allows for XSS in visitors.php due to the lack of restriction on JavaScript in visited URLs, both during logging and when reading logs.
Recommendations
For FineCMS through 2017-07-12, restrict JavaScript in visited URLs during logging and when reading logs to prevent XSS exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Finecms