PT-2020-10373 · Cththemes · Cththemes Townhub+2

M0Ze

Published

2020-01-13

Updated

2020-01-14

CVE-2019-20211

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions CTHthemes CityBook versions prior to 2.3.4 CTHthemes TownHub versions prior to 1.0.6 CTHthemes EasyBook versions prior to 1.2.2

Description The issue allows for Persistent XSS attacks. This can be achieved via various fields such as Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

Recommendations For CTHthemes CityBook versions prior to 2.3.4, update to version 2.3.4 or later. For CTHthemes TownHub versions prior to 1.0.6, update to version 1.0.6 or later. For CTHthemes EasyBook versions prior to 1.2.2, update to version 1.2.2 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-20211

Affected Products

Cththemes Citybook

Cththemes Easybook

Cththemes Townhub

PT-2020-10373 · Cththemes · Cththemes Townhub+2

CVE-2019-20211

Weakness Enumeration

Related Identifiers

Affected Products

References · 11