PT-2021-22671 · Cxuucms · Cxuucms
Published: 2021-08-23 · Updated: 2021-08-30 · CVE-2021-39599
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
CXUUCMS version 3.1
Description:
Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS. The vulnerabilities are found in the search and c parameters in "public/search.php" and in the c parameter in "admin.php".
Recommendations:
For CXUUCMS version 3.1, consider disabling the search and c parameters in "public/search.php" and the c parameter in "admin.php" until a patch is available. Restrict access to "public/search.php" and "admin.php" to minimize the risk of exploitation. Avoid using the search and c parameters in the affected API endpoints until the issue is resolved.
Exploit
Fix
XSS
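While the affected parameters stay reachable, access logs can be triaged for requests that put markup into them. The following is an added example, not code from CXUUCMS or from this advisory; it assumes a combined-format web server access log, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint suffix -> parameters named in the advisory.
WATCHED = {
    "/public/search.php": {"search", "c"},
    "/admin.php": {"c"},
}
# Characters needed to break out of an HTML text or attribute context.
# A hit means "review this request", not proof of exploitation.
MARKUP = re.compile(r"[<>\"']")
# Request field of a combined-format access log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return sorted names of watched parameters whose decoded value has markup."""
    parts = urlsplit(url)
    watched = next((p for path, p in WATCHED.items() if parts.path.endswith(path)), None)
    if watched is None:
        return []
    # parse_qs percent-decodes once; double-encoded values are not unwrapped.
    query = parse_qs(parts.query, keep_blank_values=True)
    return sorted(n for n in watched if any(MARKUP.search(v) for v in query.get(n, [])))

def scan(lines):
    """Return (line_number, url, params) for each log line worth reviewing."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                findings.append((number, match.group(1), hits))
    return findings

# Constructed sample log lines (documentation IP range, inert markup).
SAMPLE_LOG = [
    '203.0.113.5 - - [23/Aug/2021:10:00:01 +0000] "GET /public/search.php?search=news&c=index HTTP/1.1" 200 5120',
    '203.0.113.9 - - [23/Aug/2021:10:00:07 +0000] "GET /public/search.php?search=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 5230',
    '203.0.113.9 - - [23/Aug/2021:10:00:09 +0000] "GET /admin.php?c=%22%3E%3Cb%3E HTTP/1.1" 200 812',
    '203.0.113.7 - - [23/Aug/2021:10:00:12 +0000] "GET /index.php?c=%3Cb%3E HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, url, params in scan(SAMPLE_LOG):
        print(f"line {number}: {url} -> review parameter(s) {', '.join(params)}")
```

Only GET query strings are inspected; parameters sent in POST bodies do not appear in a standard access log and need application-level or WAF logging.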
Affected Products
Cxuucms