PT-2023-32369 · Alexanderlivanov · Fotoscms2

Alexander Livanov

Publicado

2023-10-28

Atualizado

2024-05-17

CVE-2023-5837

CVSS v3.1

6.1

Média

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions AlexanderLivanov FotosCMS2 versions up to 2.4.3

Description A problematic vulnerability was found in the Cookie Handler component of the file profile.php, where the manipulation of the username argument leads to cross-site scripting. The attack can be initiated remotely.

Recommendations For AlexanderLivanov FotosCMS2 versions up to 2.4.3, consider disabling the username argument in the profile.php file of the Cookie Handler component as a temporary workaround until a patch is available. Restrict access to the profile.php file to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2023-5837

Produtos afetados

Fotoscms2

PT-2023-32369 · Alexanderlivanov · Fotoscms2

CVE-2023-5837

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7