PT-2018-13882 · Yiicms · Yiicms
Ghost
·
Published
2018-09-16
·
Updated
2018-11-09
·
CVE-2018-17077
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
yiqicms versions prior to 2016-11-20
Description
The issue is related to stored XSS in the comment.php file, where a length limit can be bypassed, allowing for potential exploitation.
Recommendations
For versions prior to 2016-11-20, consider disabling the comment functionality in comment.php until a fix is available, or apply input validation to prevent bypassing the length limit.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Yiicms