exploitDog

CVE-2018-18927

Опубликовано: 04 нояб. 2018

Источник: nvd

CVSS3: 4.8

CVSS2: 3.5

EPSS Низкий

Описание

An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.

Ссылки

https://github.com/sanluan/PublicCMS/issues/22
Exploit
Third Party Advisory
https://github.com/sanluan/PublicCMS/issues/22
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:publiccms:publiccms:4.0:*:*:*:*:*:*:*

EPSS

Процентиль: 46%

0.00235

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-g7h3-f874-w2r9

CVSS3: 4.8

github

больше 3 лет назад

An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.

EPSS

Процентиль: 46%

0.00235

Низкий

4.8 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79