PT-2018-12232 · Idreamsoft · Icms
Published
2018-07-10
·
Updated
2018-09-06
·
CVE-2018-13865
CVSS v3.1
6.1
Medium
Vector
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
idreamsoft iCMS version 7.0.9
Description
An issue exists where XSS is possible via the callback parameter in a "public/api.php" uploadpic request, which bypasses the iWAF protection mechanism.
Recommendations
For idreamsoft iCMS version 7.0.9, consider restricting access to the "public/api.php" uploadpic request to minimize the risk of exploitation. As a temporary workaround, avoid using the callback parameter in this request until the issue is resolved.
Exploit
Fix
XSS
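As an added defensive example that is not part of this advisory or of the iCMS code base: the application-layer whitelist a JSONP endpoint such as uploadpic should apply to its callback parameter before reflecting it, since, as the description notes, a WAF filter in front of the endpoint was bypassed. All function and constant names are assumptions.

```php
<?php
// Added example (not iCMS code): validate a JSONP "callback" name in the
// application instead of relying on a WAF to catch hostile values.
// Function and constant names are hypothetical.

const CALLBACK_MAX_LEN = 64;

// Weak pattern: the request value is reflected verbatim into the response body,
// so any characters the WAF fails to block reach the browser unchanged.
function jsonp_unsafe(array $data, string $callback): string
{
    return $callback . '(' . json_encode($data) . ');';
}

// Returns true only for a plain JavaScript identifier path such as
// "handleUpload" or "iCMS.api.done": letters, digits, "_" and "$", with
// "." as a separator, starting with a letter/underscore/$, and bounded length.
function is_valid_callback(string $callback): bool
{
    if (strlen($callback) === 0 || strlen($callback) > CALLBACK_MAX_LEN) {
        return false;
    }
    return preg_match('/^[A-Za-z_$][A-Za-z0-9_$]*(\.[A-Za-z_$][A-Za-z0-9_$]*)*$/', $callback) === 1;
}

// Hardened pattern: whitelist the name, send a script content type with nosniff,
// and start the body with a fixed comment so it never begins with request-
// controlled bytes. Returns the body; header() is ignored when run from the CLI.
function jsonp_safe(array $data, ?string $callback): string
{
    if ($callback === null) {
        // No callback supplied: answer as plain JSON.
        header('Content-Type: application/json; charset=utf-8');
        return json_encode($data);
    }
    if (!is_valid_callback($callback)) {
        http_response_code(400);
        header('Content-Type: application/json; charset=utf-8');
        return json_encode(['error' => 'invalid callback name']);
    }
    header('Content-Type: application/javascript; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    $json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    return '/**/ ' . $callback . '(' . $json . ');';
}

// Constructed demo input standing in for an upload result; not real iCMS output.
$result = ['status' => 'ok', 'url' => '/res/2018/example.png'];
echo jsonp_safe($result, $_GET['callback'] ?? null), "\n";
```

Run it under a web server with `?callback=handleUpload` to see the wrapped response, and with any name containing punctuation other than `.`, `_` or `$` to see the 400 reply instead of a reflected value.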
Weakness Enumeration
Related Identifiers
Affected Products
Icms