PT-2017-15095 · Archon · Archon
Published 2017-12-26 · Updated 2018-01-11 · CVE-2017-17911
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Archon version 3.21 rev-1
Description
The issue concerns an XSS vulnerability in the referer parameter of an index.php?p=core/contact request, specifically in the contact.php file of the core package.
Recommendations
For Archon version 3.21 rev-1, consider restricting access to the index.php?p=core/contact endpoint until a fix is available, and avoid using the referer parameter in this request to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Archon