PT-2023-29291 · Ritecms · Ritecms
Romanhu · Published 2023-10-24 · Updated 2023-11-01 · CVE-2023-44767
CVSS v3.1: 4.8 Medium
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
RiteCMS version 3.0
Description
A file upload issue allows a local attacker to upload an SVG file containing XSS content.
Recommendations
For RiteCMS version 3.0, consider restricting file uploads to prevent exploitation until a fix is available. As a temporary workaround, disable the ability to upload SVG files to minimize the risk of XSS attacks.
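One way to enforce the temporary workaround above in an upload handler, as an added example that is not RiteCMS code or part of the original advisory: it refuses SVG by file extension, by declared content type, and by content, including gzip-compressed `.svgz` and UTF-16 input. The function names and the 64 KiB inspection window are assumptions.

```python
import re
import zlib
from typing import Optional

# Illustrative names and limits (assumptions, not RiteCMS identifiers).
SVG_EXTENSIONS = (".svg", ".svgz")
SVG_MIME = "image/svg+xml"
SNIFF_BYTES = 64 * 1024
# An <svg> start tag, with or without a namespace prefix.
SVG_TAG = re.compile(r"<(?:[\w.-]+:)?svg[\s>/]", re.IGNORECASE)


def _sniff_text(data: bytes) -> str:
    """Return the first SNIFF_BYTES of an upload as text for inspection."""
    if data[:2] == b"\x1f\x8b":  # gzip magic: may be a compressed .svgz
        try:
            # wbits=31 reads the gzip wrapper; max_length bounds the output.
            data = zlib.decompressobj(31).decompress(data, SNIFF_BYTES)
        except zlib.error:
            return ""
    data = data[:SNIFF_BYTES]
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):  # UTF-16 byte order mark
        return data.decode("utf-16", errors="replace")
    return data.decode("utf-8-sig", errors="replace")


def svg_reject_reason(filename: str, declared_type: str, data: bytes) -> Optional[str]:
    """Return why an upload counts as SVG and must be refused, else None."""
    # Trailing dots and spaces are dropped by some filesystems ("x.svg.").
    name = filename.strip().lower().rstrip(". ")
    if name.endswith(SVG_EXTENSIONS):
        return "svg extension"
    if declared_type.split(";")[0].strip().lower() == SVG_MIME:
        return "svg content type"
    # Extension and Content-Type are client-controlled, so inspect the bytes.
    # Searching anywhere in the window is deliberately conservative: an XML
    # prolog, comment or DOCTYPE before the root element does not hide it.
    if SVG_TAG.search(_sniff_text(data)):
        return "svg content"
    return None
```

A non-`None` result should cause the upload to be refused before the file is written to a web-served directory.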
Affected Products
Ritecms