PT-2021-10535 · Gila Cms · Gila Cms

Author: Yaoyao6688
Published: 2021-09-27
Updated: 2021-10-01
CVE: CVE-2020-20696
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: GilaCMS version 1.11.4
Description: A cross-site scripting (XSS) issue in the /admin/content/post endpoint of GilaCMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field.
Recommendations: For GilaCMS version 1.11.4, consider disabling the Tags field of the /admin/content/post endpoint until a patch is available, so that the field cannot be used for exploitation. Restrict access to the /admin/content/post endpoint to minimize the risk of arbitrary web script execution. Avoid using the Tags field in the affected endpoint until the issue is resolved.
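The advisory identifies the Tags field as the injection point. The following is an added illustration (not GilaCMS code, and not the project's actual template logic) of the pattern behind this class of bug and its fix: a tag value that is concatenated into HTML without encoding is interpreted as markup, while the same value passed through htmlspecialchars() for the HTML text context is rendered as literal text. The sample tag values, the function names render_tags_unsafe, render_tags_safe and is_valid_tag, and the allowlist pattern are all constructed for this example.

```php
<?php
// Added example, not part of GilaCMS. Shows why an unencoded Tags value
// becomes stored XSS and how output encoding plus input validation fix it.

// Constructed sample values such as an editor could submit in the Tags field.
// The second one carries markup, which is enough to show the defect.
$tags = ['news', 'release-2021', '<i>this is interpreted as markup</i>'];

// Vulnerable pattern: tag text is concatenated straight into the HTML output.
function render_tags_unsafe(array $tags): string
{
    $out = '';
    foreach ($tags as $t) {
        $out .= '<span class="tag">' . $t . '</span>';
    }
    return $out;
}

// Hardened pattern: encode each value for the HTML text context before output.
// ENT_QUOTES also encodes quotes, so the same helper is safe inside attribute
// values that are double- or single-quoted.
function render_tags_safe(array $tags): string
{
    $out = '';
    foreach ($tags as $t) {
        $out .= '<span class="tag">'
              . htmlspecialchars($t, ENT_QUOTES | ENT_HTML5, 'UTF-8')
              . '</span>';
    }
    return $out;
}

// Defence in depth on the input side: a tag only needs letters, digits,
// spaces, hyphens and underscores, so reject anything else at save time.
// The allowlist pattern is an assumption for this example.
function is_valid_tag(string $t): bool
{
    return preg_match('/^[\p{L}\p{N} _-]{1,40}$/u', $t) === 1;
}

// Demonstration.
echo "Unsafe: " . render_tags_unsafe($tags) . PHP_EOL;
echo "Safe:   " . render_tags_safe($tags) . PHP_EOL;
foreach ($tags as $t) {
    echo (is_valid_tag($t) ? 'accept' : 'reject') . ": $t" . PHP_EOL;
}
```

Output encoding at the point of rendering is the primary fix, because it neutralises any stored value regardless of how it got into the database; the allowlist check on save is a second layer that keeps markup out of the Tags field in the first place and should not be relied on alone.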

Labels: Exploit, Fix, XSS


Weakness Enumeration

Related Identifiers

CVE-2020-20696
GHSA-H7MQ-27R7-W972

Affected Products

Gila Cms