PT-2018-12775 · Weaselcms · Weaselcms

Cgaiideo

Published

2018-08-03

Updated

2018-09-27

CVE-2018-14877

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions WeaselCMS version 0.3.5

Description An issue exists where XSS is possible via the Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.

Recommendations For WeaselCMS version 0.3.5, update to a version that fixes this issue, as the current version allows for XSS attacks through specific settings fields. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-14877

Affected Products

Weaselcms

PT-2018-12775 · Weaselcms · Weaselcms

CVE-2018-14877

Weakness Enumeration

Related Identifiers

Affected Products

References · 3