PT-2010-3657 · Gpeasy · Gpeasy Cms
Published
2010-05-25
·
Updated
2018-10-10
·
CVE-2010-2038
CVSS v2.0
2.1
Low
| Vector | AV:N/AC:H/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
gpEasy CMS version 1.6.2
Description
A cross-site scripting (XSS) issue exists, allowing remote authenticated users with Edit privileges to inject arbitrary web script or HTML. This is achieved by manipulating the
gpcontent parameter in the index.php file.Recommendations
For gpEasy CMS version 1.6.2, consider restricting access to the
index.php file to prevent exploitation, and avoid using the gpcontent parameter until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gpeasy Cms