PT-2018-15464 · Ucms · Ucms
Published
2018-12-30
·
Updated
2019-01-04
·
CVE-2018-20600
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
UCMS version 1.4.7
Description
The issue is related to a Cross-Site Scripting (XSS) problem. It occurs in the sadmincedit.php file of UCMS when an action is performed on index.php, specifically the sadmin cedit action.
Recommendations
For UCMS version 1.4.7, consider disabling access to the sadmincedit.php file until a patch is available to prevent potential exploitation of the XSS vulnerability.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ucms