PT-2018-12716 · Elite Solutions · Datalife Engine
Publicado
2018-08-01
·
Atualizado
2018-10-02
·
CVE-2018-14777
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
DataLife Engine versions prior to 13.0
Description
An issue was discovered that allows an attacker to use XSS to send a malicious script to unsuspecting Admins or users, related to the "/addnews.html" and "/index.php?do=addnews" API Endpoints.
Recommendations
For versions prior to 13.0, update to version 13.0 or later to resolve the issue.
Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Datalife Engine