PT-2021-22591 · Gila Cms · Gila Cms
Published
2021-10-04
·
Updated
2021-10-12
·
CVE-2021-39486
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
Gila CMS version 2.2.0
Description:
A Stored XSS via Malicious File Upload exists in the software. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
Recommendations:
For Gila CMS version 2.2.0, update to a version that fixes the Stored XSS issue, although the specific fixed version is not provided in the available data. As a temporary workaround, consider restricting file uploads or validating all uploaded files to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gila Cms