PT-2007-3219 · Toenda · Toendacms
Published
2007-04-13
·
Updated
2018-10-16
·
CVE-2007-1872
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
toendaCMS version 1.5.3
Description:
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the
searchword parameter in a search id. This could potentially lead to unauthorized actions on the affected system.Recommendations:
For toendaCMS version 1.5.3, consider restricting access to the search functionality until a patch is available, and avoid using the
searchword parameter in the affected search id endpoint.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Toendacms