PT-2021-10537 · S-Cms Php · S-Cms Php

Published

2021-07-27

Updated

2021-08-03

CVE-2020-20699

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: S-CMS PHP version 3.0

Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.

Recommendations: For S-CMS PHP version 3.0, update the software to remove the ability to execute arbitrary scripts from the Copyright text box, or restrict access to the Basic Settings to prevent malicious input.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2020-20699

Affected Products

S-Cms Php

PT-2021-10537 · S-Cms Php · S-Cms Php

CVE-2020-20699

Weakness Enumeration

Related Identifiers

Affected Products

References · 3