PT-2023-10627 · Ciubotaru · Share-On-Diaspora
Published: 2023-02-06 · Updated: 2024-05-17 · CVE-2017-20176
CVSS v3.1: 6.1 Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ciubotaru share-on-diaspora version 0.7.9
Description
A vulnerability was found in the file new window.php, where the manipulation of the title or url argument leads to cross-site scripting. The attack can be initiated remotely.
Recommendations
To fix this issue, apply the patch with the name fb6fae2f8a9b146471450b5b0281046a17d1ac8d. As a temporary workaround, consider restricting access to the new window.php file until the patch is applied.
Fix
XSS
Affected Products
Share-On-Diaspora