PT-2017-13296 · Finecms+1 · Finecms+1

Published

2017-09-07

Updated

2017-09-12

CVE-2017-14194

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions FineCms version 5.0.11

Description The issue is related to an XSS vulnerability in the out function in controllers/member/Login.php. This vulnerability is triggered by the Referer HTTP header and affects Internet Explorer.

Recommendations For FineCms version 5.0.11, consider disabling the out function in controllers/member/Login.php as a temporary workaround until a patch is available. Restrict access to the Login.php module to minimize the risk of exploitation. Avoid using the Referer HTTP header in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-14194

Affected Products

Finecms

Internet Explorer

PT-2017-13296 · Finecms+1 · Finecms+1

CVE-2017-14194

Weakness Enumeration

Related Identifiers

Affected Products

References · 3