PT-2019-19040 · Dili · Dilicms
Fakerrr · Published 2019-03-07 · Updated 2019-03-08 · CVE-2019-8440
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DiliCMS version 2.4.0
Description
A Stored XSS issue was found in the site logo setting of the admin panel, specifically in the third textbox of "System setting->site setting" in admin/index.php, referenced as site logo.
Recommendations
For DiliCMS version 2.4.0, update the site logo setting in the admin panel to ensure it does not contain malicious code, and consider temporarily restricting access to the "System setting->site setting" page until a fix is available.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Dilicms