PT-2019-15193 · Gila · Gila Cms

Rastating

·

Published

2019-10-13

·

Updated

2019-10-16

·

CVE-2019-17535

CVSS v3.1

9.3

Critical

VectorAC:L/AV:N/A:N/C:H/I:H/PR:N/S:C/UI:R
Name of the Vulnerable Software and Affected Versions Gila CMS versions prior to 1.11.5
Description The issue allows for XSS in blog-list.php, affecting both the gila-blog and gila-mag themes, via the search parameter.
Recommendations For versions prior to 1.11.5, update to version 1.11.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the search parameter in the affected API endpoint until a patch is available.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-17535

Affected Products

Gila Cms