PT-2021-10538 · S-Cms Php · S-Cms Php

Published: 2021-07-27 · Updated: 2021-08-03 · CVE-2020-20700

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: S-CMS PHP version 3.0
Description: A stored cross-site scripting (XSS) issue exists, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box in the /app/form add/ endpoint.
Recommendations: For S-CMS PHP version 3.0, update the software to remove the stored XSS vulnerability in the /app/form add/ endpoint, specifically ensuring that user input in the Title Entry text box is properly sanitized to prevent the execution of arbitrary web scripts or HTML.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2020-20700

Affected Products

S-Cms Php