PT-2020-14459 · Jalios · Jalios Jcms
Published: 2020-07-17 · Updated: 2024-08-04 · CVE-2020-15497
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Jalios JCMS version 10.0.2 build-20200224104759
Description
The issue allows for XSS via the types parameter in the jcore/portal/ajaxPortal.jsp file. It is noted that this issue is not present in the standard installation of Jalios JCMS.
Recommendations
For Jalios JCMS version 10.0.2 build-20200224104759, consider restricting access to the jcore/portal/ajaxPortal.jsp file to minimize the risk of exploitation, and avoid using the types parameter in this context until the issue is resolved.
Exploit
Fix
XSS
Affected Products
Jalios Jcms