PT-2021-10534 · Gila Cms · Gila Cms
Yaoyao6688
·
Published
2021-09-27
·
Updated
2021-10-01
·
CVE-2020-20695
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
GilaCMS version 1.11.4
Description:
A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. This can lead to the execution of malicious code on the victim's browser.
Recommendations:
For GilaCMS version 1.11.4, consider disabling the ability to upload SVG files until a patch is available to prevent exploitation of this issue. Restrict access to areas where file uploads are possible to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gila Cms