PT-2020-10374 · Cththemes · Cththemes Townhub+2

Published

2020-01-13

Updated

2020-01-14

CVE-2019-20212

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions CTHthemes CityBook versions prior to 2.3.4 CTHthemes TownHub versions prior to 1.0.6 CTHthemes EasyBook versions prior to 1.2.2

Description The issue allows for Persistent XSS attacks through the chat widget or page message form.

Recommendations For CTHthemes CityBook versions prior to 2.3.4, update to version 2.3.4 or later. For CTHthemes TownHub versions prior to 1.0.6, update to version 1.0.6 or later. For CTHthemes EasyBook versions prior to 1.2.2, update to version 1.2.2 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2019-20212

Affected Products

Cththemes Citybook

Cththemes Easybook

Cththemes Townhub

PT-2020-10374 · Cththemes · Cththemes Townhub+2

CVE-2019-20212

Weakness Enumeration

Related Identifiers

Affected Products

References · 11