PT-2021-10816 · Unknown · Folder Lock

Published: 2021-10-22 · Updated: 2021-10-27 · CVE-2020-23039

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Folder Lock version 3.4.5

Description

A stored cross-site scripting issue was found in the Create Folder function under the 'create' module. This allows attackers to execute arbitrary web scripts or HTML via a crafted payload as a path or folder name.

Recommendations

For version 3.4.5, consider disabling the Create Folder function under the 'create' module until a patch is available to prevent exploitation. Restrict access to the 'create' module to minimize the risk of arbitrary script execution. Avoid using crafted payloads as path or folder names in the affected function.

Exploit

Fix

XSS

Related Identifiers

CVE-2020-23039

Affected Products

Folder Lock