PT-2023-28795 · Opensolution · Opensolution Quick Cms
Romanhu
·
Published
2023-10-20
·
Updated
2023-10-25
·
CVE-2023-43346
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
opensolution Quick CMS version 6.7
Description
A cross-site scripting (XSS) issue allows a local attacker to execute arbitrary code via a crafted script to the
Backend - Dashboard parameter in the Languages Menu component. This enables the attacker to perform unauthorized actions.Recommendations
For opensolution Quick CMS version 6.7, consider disabling access to the
Languages Menu component until a patch is available to prevent exploitation of the XSS vulnerability. Restrict the use of the Backend - Dashboard parameter to minimize the risk of arbitrary code execution.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Opensolution Quick Cms