PT-2023-32369 · Alexanderlivanov · Fotoscms2
Alexander Livanov
+1
·
Published
2023-10-28
·
Updated
2024-05-17
·
CVE-2023-5837
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
AlexanderLivanov FotosCMS2 versions up to 2.4.3
Description
A problematic vulnerability was found in the Cookie Handler component of the file profile.php, where the manipulation of the
username argument leads to cross-site scripting. The attack can be initiated remotely.Recommendations
For AlexanderLivanov FotosCMS2 versions up to 2.4.3, consider disabling the
username argument in the profile.php file of the Cookie Handler component as a temporary workaround until a patch is available. Restrict access to the profile.php file to minimize the risk of exploitation.Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fotoscms2