PT-2021-10161 · Ed01-Cms · Ed01-Cms

Published

2021-11-03

Updated

2021-11-05

CVE-2020-18259

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: ED01-CMS version 1.0

Description: The issue is a reflective cross-site scripting (XSS) vulnerability in the sposts.php component. This allows attackers to execute arbitrary web scripts or HTML by inserting a crafted payload into the Post title or Post content fields.

Recommendations: For ED01-CMS version 1.0, consider disabling the sposts.php component or restricting access to it until a patch is available. Avoid using the Post title and Post content fields in the sposts.php component until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-18259

Affected Products

Ed01-Cms

PT-2021-10161 · Ed01-Cms · Ed01-Cms

CVE-2020-18259

Weakness Enumeration

Related Identifiers

Affected Products

References · 6