PT-2017-19104 · Cms Made Simple · Cms Made Simple

Xiaozhi

Publicado

2017-06-18

Atualizado

2017-06-22

CVE-2017-9668

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions CMS Made Simple version 2.1.6

Description The issue is related to a lack of XSS filtering when adding a user group in the admin interface. This results in storage-type XSS generation via the description parameter in an addgroup action.

Recommendations For CMS Made Simple version 2.1.6, consider disabling the addgroup functionality until a patch is available to prevent potential XSS exploitation. Restrict access to the admin/addgroup.php page to minimize the risk of exploitation. Avoid using the description parameter in the addgroup action until the issue is resolved.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2017-9668

Produtos afetados

Cms Made Simple

PT-2017-19104 · Cms Made Simple · Cms Made Simple

CVE-2017-9668

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3