PT-2023-30063 · Unknown · Pwncyn Yxbookcms
Pwncyn · Published 2023-10-27 · Updated 2023-11-03 · CVE-2023-46504
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
PwnCYN YXBOOKCMS version 1.0.2
Description
A cross-site scripting (XSS) issue allows an attacker to execute arbitrary code via the library name function in the general settings component. This can be exploited by a physically proximate attacker.
Recommendations
For PwnCYN YXBOOKCMS version 1.0.2, consider disabling the library name function in the general settings component as a temporary workaround until a patch is available. Restrict access to the general settings component to minimize the risk of exploitation.
Affected Products
Pwncyn Yxbookcms