PT-2018-18752 · Otcms · Otcms
Free雅轩 · Published 2018-03-24 · Updated 2018-04-18
CVE-2018-8973
CVSS v3.1: 6.1 (Medium), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
OTCMS version 3.20
Description
OTCMS 3.20 allows cross-site scripting (XSS) via the keyword or link of an article. Values submitted to the admin/keyWord_deal.php?mudi=add endpoint are not adequately neutralized before they are rendered into pages, as demonstrated by a request to that endpoint.
Recommendations
For OTCMS version 3.20, restrict access to the admin/keyWord_deal.php endpoint until a fix is available, and treat every keyword and link submitted through it as untrusted: HTML-encode both values wherever they are rendered, and do not place a link into an href unless its scheme is http or https, since encoding alone does not stop a javascript: URL.
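As an added illustration (example code written for this page, not code from OTCMS or from the advisory's author), the following PHP shows the two defects the description points at and how to close them: a keyword interpolated into HTML without encoding, and a link placed into an href without restricting its scheme. Function and variable names are hypothetical, and the sample keyword and link are constructed.

```php
<?php
// Added illustration, not OTCMS source: the rendering pattern that turns an
// attacker-controlled keyword/link pair into XSS, next to a hardened version.

// Constructed sample input of the kind the advisory describes: values that a
// request to the "add keyword" admin endpoint would store for an article.
$keyword = '<script>alert(1)</script>';
$link    = 'javascript:alert(document.cookie)';

// Vulnerable pattern (for contrast only): raw interpolation of both values.
// The keyword breaks out of the text node, and the link executes when clicked.
function render_keyword_unsafe(string $keyword, string $link): string
{
    return '<a href="' . $link . '">' . $keyword . '</a>';
}

// Encode for an HTML text node or a double-quoted attribute value.
function enc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Restrict the href to http(s) URLs or site-relative paths. Encoding alone does
// not help here: "javascript:" passes through htmlspecialchars untouched.
function safe_link(string $link): string
{
    // Reject control characters and whitespace outright; browsers strip them
    // while parsing URLs, which would let "java\tscript:" slip past a scheme check.
    if (preg_match('/[\x00-\x20\x7F]/', $link)) {
        return '#';
    }
    $parts = parse_url($link);
    if ($parts === false) {
        return '#';
    }
    if (isset($parts['scheme'])) {
        return in_array(strtolower($parts['scheme']), ['http', 'https'], true) ? $link : '#';
    }
    // No scheme: allow "/path" but not the protocol-relative "//host/path".
    if ($link !== '' && $link[0] === '/' && substr($link, 0, 2) !== '//') {
        return $link;
    }
    return '#';
}

// Hardened pattern: scheme-checked link, then both values encoded for context.
function render_keyword_safe(string $keyword, string $link): string
{
    return '<a href="' . enc(safe_link($link)) . '">' . enc($keyword) . '</a>';
}

echo render_keyword_unsafe($keyword, $link), PHP_EOL;
echo render_keyword_safe($keyword, $link), PHP_EOL;
```

With the constructed input, the unsafe renderer emits a live script tag and a javascript: href; the hardened renderer emits the keyword as escaped literal text and replaces the link with "#". The scheme allowlist is deliberately strict (relative paths such as "page.php?id=1" and mailto: links are also rejected); widen it only for schemes the site actually needs.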
Weakness Enumeration
XSS
Affected Products
Otcms