PT-2022-11469 · Unknown+1 · Mysql Server+2
Ravinder Verma
·
Published
2022-09-16
·
Updated
2022-09-20
·
CVE-2021-41731
CVSS v3.1
4.8
Medium
| Vector | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Sourcecodester News247 News Magazine (CMS) versions 5.6 and higher of PHP, and versions 5.7 and higher of MySQL
Description
A Cross Site Scripting (XSS) issue exists via the blog category name field. This allows for potential malicious script execution.
Recommendations
For PHP versions 5.6 and higher, and MySQL versions 5.7 and higher, consider validating and sanitizing user input in the blog category name field to prevent XSS attacks.
As a temporary workaround, consider restricting access to the blog category name field until a proper fix is applied.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mysql Server
Php
Sourcecodester News247 News Magazine