PT-2021-3388 · Unknown · Typesetter

Published: 2021-06-21 · Updated: 2021-06-24 · CVE-2020-19511

CVSS v2.0: 6.4 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Typesetter version 5.1

Description
Typesetter version 5.1 contains a cross-site scripting (XSS) vulnerability. The application does not neutralise input supplied through the className and Description fields of index.php/Admin/Classes before placing it in a web page, so a remote attacker could perform cross-site scripting attacks against users of the admin interface.

Recommendations
For Typesetter version 5.1, disable the className and Description fields in index.php/Admin/Classes as a temporary workaround until a patch is available. Restrict access to the index.php/Admin/Classes page to reduce the risk of exploitation, and avoid using the className and Description fields in the affected area until the issue is resolved.

Exploit · Fix · XSS


Weakness Enumeration

Related Identifiers
BDU:2021-03239
CVE-2020-19511

Affected Products
Typesetter