PT-2018-12758 · Intelliants · Subrion Cms
Zeel Chavda
·
Publicado
2018-08-02
·
Atualizado
2022-05-14
·
CVE-2018-14840
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Subrion CMS version 4.2.1
Description
The issue in Subrion CMS allows for XSS due to the
uploads/.htaccess file not blocking .html file uploads, while it does block other file types such as .htm.Recommendations
For Subrion CMS version 4.2.1, consider restricting or blocking .html file uploads in the
uploads/.htaccess file as a temporary workaround until a patch is available.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Subrion Cms