PT-2017-18268 · Cnvs.Io · Cnvs.Io Canvas

C0Debr8Kr · Published 2017-04-27 · Updated 2022-05-17 · CVE-2017-8298

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

cnvs.io Canvas version 3.3.0

Description

The issue is a cross-site scripting (XSS) vulnerability. It affects the title and content fields when creating a new post, as well as the creation of new tags and users.

Recommendations

For cnvs.io Canvas version 3.3.0, consider restricting access to the "Posts > Add New" action and to the creation of new tags and users until a fix is available. As a temporary workaround, avoid using the title and content fields in the "Posts > Add New" action, and limit the creation of new tags and users to minimize the risk of exploitation.

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2017-8298
GHSA-3657-Q433-MMPX

Affected Products

Cnvs.Io Canvas