PT-2023-11646 · Z Blogphp · Z-Blogphp
Caitoubuo · Published 2023-04-04 · Updated 2023-04-10 · CVE-2020-23327
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ZblogPHP version 1.0
Description
A Cross Site Scripting issue allows a local attacker to execute arbitrary code via a crafted payload in the title parameter of the module management model.
Recommendations
For ZblogPHP version 1.0, avoid using the title parameter in the module management model until the issue is resolved. As a temporary workaround, consider restricting access to the module management model to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Z-Blogphp