PT-2018-12775 · Weaselcms · Weaselcms
Cgaiideo
·
Publicado
2018-08-03
·
Atualizado
2018-09-27
·
CVE-2018-14877
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WeaselCMS version 0.3.5
Description
An issue exists where XSS is possible via the Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.
Recommendations
For WeaselCMS version 0.3.5, update to a version that fixes this issue, as the current version allows for XSS attacks through specific settings fields. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Weaselcms