PT-2023-11488 · Nonecms · Nonecms
Published
2023-05-08
·
Updated
2023-05-11
·
CVE-2020-18282
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
NoneCms version 1.3.0
Description
A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the feedback feature. This could potentially lead to unauthorized actions on the web application.
Recommendations
For NoneCms version 1.3.0, update to a newer version that contains a fix for this issue, as using the feedback feature in this version poses a security risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nonecms