PT-2022-21323 · U5Cms · U5Cms
Ue0Vo
Published 2022-06-17 · Updated 2022-06-28 · CVE-2022-32442
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
u5cms version 8.3.5
Description
The issue allows cross-site scripting (XSS) when a user accesses the default home page with a specific parameter. The parameter Onmouseover can be used to inject HTML code, potentially leading to security issues. For example, when the parameter passed in is http://127.0.0.1/? "Onmouseover=%27tzgl (96502)%27bad=", it can cause HTML injection.
Recommendations
For u5cms version 8.3.5, consider disabling access to the default home page or restricting the use of the Onmouseover parameter until a patch is available. Avoid using the Onmouseover parameter in the affected endpoint until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
U5Cms