PT-2019-9284 · Creatiwity · Creatiwity Witycms

Twohub · Published 2019-06-20 · Updated 2019-06-21 · CVE-2018-16250

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Creatiwity wityCMS version 0.6.2

Description

The issue concerns the "utilisateur" menu in Creatiwity wityCMS, where two input points for user information are vulnerable to XSS attacks. Specifically, the first name and last name parameters are affected.

Recommendations

For Creatiwity wityCMS version 0.6.2, consider restricting input for the first name and last name parameters to minimize the risk of XSS exploitation. As a temporary workaround, validate and sanitize user input for these parameters until a patch is available.

Exploit

Fix

XSS

Weakness Enumeration

Related identifiers

CVE-2018-16250

Affected products

Creatiwity Witycms