PT-2023-11610 · Fuel Cms · Fuel Cms

Pxss

·

Publicado

2023-07-03

·

Atualizado

2023-07-11

·

CVE-2020-22152

CVSS v3.1

5.4

Média

VetorAV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions FUEL-CMS version 1.4.6
Description A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the page title, meta description, and meta keywords of the pages function.
Recommendations For version 1.4.6, consider restricting access to the page title, meta description, and meta keywords editing functionality until a fix is available. As a temporary workaround, validate and sanitize all user input for these fields to prevent code injection.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2020-22152

Produtos afetados

Fuel Cms