PT-2022-12185 · Unknown · Bloofoxcms

Able403 · Published 2022-02-23 · Updated 2022-03-03 · CVE-2021-44608

CVSS v3.1: 5.4 Medium

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

bloofoxCMS versions 0.5.1 through 0.5.2.1

Description

Multiple Cross Site Scripting (XSS) vulnerabilities exist in the software. The issue is related to the file parameter and the type parameter in an edit action in the "index.php" endpoint.

Recommendations

For versions 0.5.1 through 0.5.2.1, consider disabling the edit action in index.php until a patch is available. Restrict access to the file and type parameters to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2021-44608

Affected Products

Bloofoxcms