PT-2023-19533 · Ujcms · Ujcms
Zur1Ch
·
Published
2023-02-17
·
Updated
2025-03-18
·
CVE-2023-24369
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
UJCMS version 4.1.3
Description
A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the URL parameter under the Add New Articles function.
Recommendations
For UJCMS version 4.1.3, consider disabling the Add New Articles function until a patch is available to prevent exploitation of the XSS vulnerability. Restrict access to the URL parameter to minimize the risk of arbitrary script execution.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ujcms