PT-2017-11820 · Finecms · Finecms

Lorexxar · Published 2017-07-13 · Updated 2017-07-16 · CVE-2017-11202

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: FineCMS through 2017-07-12

Description: The issue allows for XSS in visitors.php due to the lack of restriction on JavaScript in visited URLs, both during logging and when reading logs.

Recommendations: For FineCMS through 2017-07-12, restrict JavaScript in visited URLs during logging and when reading logs to prevent XSS exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2017-11202

Affected Products

Finecms