PT-2018-9263 · Wolfcms · Wolf Cms

Published

2018-03-13

Updated

2018-04-06

CVE-2018-1000084

CVSS v3.1

5.4

Medium

Vector

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WolfCMS version 0.8.3.1

Description: The issue concerns a Stored Cross-Site Scripting vulnerability in the Layout Name, accessible from the Layout tab. This can be exploited by entering Javascript code into the Layout Name, potentially allowing a low-privilege user to steal the cookie of an admin user and compromise the admin account.

Recommendations: For WolfCMS version 0.8.3.1, as a temporary workaround, consider restricting access to the Layout tab to prevent low-privilege users from entering malicious Javascript code into the Layout Name until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-1000084

Affected Products

Wolf Cms

PT-2018-9263 · Wolfcms · Wolf Cms

CVE-2018-1000084

Weakness Enumeration

Related Identifiers

Affected Products

References · 4