PT-2017-16734 · Sana · Sanacms
C0Nstantine
+1
·
Published
2017-02-04
·
Updated
2017-02-08
·
CVE-2017-5882
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
SanaCMS version 7.3
Description
A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the
search parameter in the index.asp file.Recommendations
For version 7.3, update the index.asp file to properly sanitize the
search parameter to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the index.asp file until a patch is available.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sanacms