PT-2017-13294 · Finecms · Finecms
Published 2017-09-07 · Updated 2017-09-12 · CVE-2017-14192
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FineCms version 5.0.11
Description
The issue is a cross-site scripting (XSS) vulnerability in the checktitle function, specifically in the module field within the controllers/member/api.php file.
Recommendations
For FineCms version 5.0.11, consider disabling the checktitle function as a temporary workaround until a patch is available. Restrict access to the module field in the affected API endpoint to minimize the risk of exploitation.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Finecms