PT-2023-16917 · Hsycms · Hsycms
Tale
·
Published
2023-03-11
·
Updated
2024-05-17
·
CVE-2023-1349
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Hsycms version 3.1
Description
A problematic issue has been found in the file controllercate.php of the component Add Category Module. The manipulation of the
title argument leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.Recommendations
For Hsycms version 3.1, as a temporary workaround, consider restricting the use of the
title argument in the affected module until a patch is available. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Hsycms