PT-2018-5259 · Quickapps · Quickappscms
Prodigysml · Published 2018-01-03 · Updated 2022-05-14 · CVE-2017-1000495
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
QuickApps CMS version 2.0.0
Description
The issue allows for Stored Cross-site Scripting in the user's real name field, which can result in denial of service and enable unauthorized actions to be performed with an administrator user's account.
Recommendations
For QuickApps CMS version 2.0.0, update to a version that fixes the Stored Cross-site Scripting issue in the user's real name field to prevent denial of service and unauthorized actions.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Quickappscms