PT-2024-39109 · Unknown · Gouniverse Golang Cms
Zihe
·
Published
2024-09-08
·
Updated
2024-09-13
·
CVE-2024-8572
CVSS v2.0
4.0
Medium
| Vector | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions:
Gouniverse GoLang CMS version 1.4.0
Description:
A vulnerability was found in Gouniverse GoLang CMS, affecting the function
PageRenderHtmlByAlias of the file FrontendHandler.go. The manipulation of the argument alias leads to cross-site scripting. The attack can be initiated remotely.Recommendations:
For Gouniverse GoLang CMS version 1.4.0, upgrade to version 1.4.1 to address this issue. As a temporary workaround, consider restricting the use of the
PageRenderHtmlByAlias function until the patch is applied.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gouniverse Golang Cms