PT-2018-14702 · No Cms · No-Cms
Publicado
2018-10-31
·
Atualizado
2018-12-10
·
CVE-2018-18868
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
No-CMS version 1.1.3
Description
The issue allows for Persistent XSS attacks through the
name parameter in the contact us functionality. This is demonstrated by exploiting the name parameter, such as the VG48Z5PqVWname parameter.Recommendations
For No-CMS version 1.1.3, avoid using the
name parameter in the contact us functionality until the issue is resolved. As a temporary workaround, consider restricting access to the contact us feature to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
No-Cms