PT-2018-11089 · Hongcms · Hongcms
Lzlzh2016
Published: 2018-06-13 · Updated: 2018-07-26
CVE-2018-12266
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
HongCMS version 3.0.0
Description
Crafted input that triggers an HTTP 404 status code leads to XSS in the system/errors/404.php file of HongCMS.
Recommendations
For HongCMS version 3.0.0, update the system/errors/404.php file to properly handle and sanitize user input to prevent XSS attacks. As a temporary workaround, consider implementing input validation and sanitization for all user input to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Hongcms