PT-2021-11903 · Appcms · Appcms
H9Dawn
·
Published
2021-06-03
·
Updated
2021-06-07
·
CVE-2020-36007
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
AppCMS version 2.0.101
Description:
The issue allows an attacker to perform a cross-site scripting attack, potentially obtaining sensitive information of other users. This is related to the
/admin/template/tpl app.php file.Recommendations:
For AppCMS version 2.0.101, consider restricting access to the
/admin/template/tpl app.php file until a patch is available. As a temporary workaround, avoid using the tpl app.php template to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Appcms