PT-2019-18642 · Cantemo · Cantemo Portal

Publicado

2019-04-10

Atualizado

2019-09-27

CVE-2019-7551

CVSS v3.1

9.0

Crítica

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Cantemo Portal versions prior to 3.2.13 Cantemo Portal versions 3.3.x prior to 3.3.8 Cantemo Portal versions 3.4.x prior to 3.4.9

Description The issue allows for cross-site scripting (XSS), which can be leveraged to perform actions as users, including those with administrative privileges. This could enable actions such as account creation and deletion, as well as the deletion of information within the application.

Recommendations For Cantemo Portal versions prior to 3.2.13, update to version 3.2.13 or later. For Cantemo Portal versions 3.3.x prior to 3.3.8, update to version 3.3.8 or later. For Cantemo Portal versions 3.4.x prior to 3.4.9, update to version 3.4.9 or later.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-7551

Produtos afetados

Cantemo Portal

PT-2019-18642 · Cantemo · Cantemo Portal

CVE-2019-7551

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6