PT-2026-51519 · Drimo · Drimo Cms
Jarosław Przebinda +1 · Published 2026-06-23 · Updated 2026-06-23
CVE-2026-11772
CVSS v4.0: 5.1 (Medium)
Vector: AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
DRIMO CMS is vulnerable to Reflected XSS via the q parameter in the search functionality. An attacker can prepare a URL that, when opened, results in arbitrary JavaScript execution in the victim's browser.
The product is in its End Of Life phase and will not receive any updates. However, deleting the info.php file mitigates the vulnerability.
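For sites that still run the product, the following added example (not part of the advisory or of DRIMO CMS) scans web server access logs for requests whose q parameter carries HTML or script markup. It assumes the search request is served by info.php, which the advisory names only as the file to delete, and that logs use the combined format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Markup with no place in a search term: tag openers, inline event handlers, script URLs.
SUSPICIOUS_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript\s*:', re.I)

def decode_fully(value, rounds=3):
    """Undo nested percent-encoding (for example %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_q_requests(lines, script="info.php"):
    """Return (line_number, decoded_q) for requests to `script` whose q carries markup.

    `script` defaults to info.php on the assumption that it serves the search."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + script):
            continue
        # parse_qs already decodes once; decode_fully catches double encoding.
        for raw in parse_qs(url.query, keep_blank_values=True).get("q", []):
            value = decode_fully(raw)
            if SUSPICIOUS_RE.search(value):
                hits.append((number, value))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Jun/2026:10:01:02 +0000] "GET /info.php?q=opening+hours HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [23/Jun/2026:10:02:11 +0000] "GET /info.php?q=%3Csvg%20onload%3Dalert(1)%3E HTTP/1.1" 200 5311 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [23/Jun/2026:10:02:40 +0000] "GET /info.php?q=%253Cscript%253Ealert(1)%253C/script%253E HTTP/1.1" 200 5290 "-" "Mozilla/5.0"',
    '198.51.100.12 - - [23/Jun/2026:10:05:00 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for number, value in suspicious_q_requests(SAMPLE_LOG):
        print(f"line {number}: q={value!r}")
```

Once info.php has been deleted, the same requests should show a 404 status in the log, which is a quick way to confirm the mitigation is in place.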
XSS
Affected Products
Drimo Cms