PT-2018-15039 · Tp5Cms · Tp5Cms
Langyayue · Published 2018-11-29 · Updated 2018-12-27 · CVE-2018-19693
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
tp5cms versions prior to 2017-05-25
Description
An issue was discovered that allows for XSS via the title parameter in the "admin.php/system/set.html" API endpoint.
Recommendations
For versions prior to 2017-05-25, as a temporary workaround, consider restricting access to the "admin.php/system/set.html" endpoint until a patch is available. Avoid using the title parameter in this endpoint to minimize the risk of exploitation.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Tp5Cms