exploitDog

CVE-2018-7476

Опубликовано: 25 фев. 2018

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.

Ссылки

https://gitee.com/w1tcher/finecms/commit/6978c63b3bc5e0d1038a23bfc6293ad5e9d5f530
Patch
Third Party Advisory
https://www.from0to1.me/index.php/archives/22/
Third Party Advisory
URL Repurposed
https://gitee.com/w1tcher/finecms/commit/6978c63b3bc5e0d1038a23bfc6293ad5e9d5f530
Patch
Third Party Advisory
https://www.from0to1.me/index.php/archives/22/
Third Party Advisory
URL Repurposed

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:finecms:finecms:5.3.0:*:*:*:*:*:*:*

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-99cp-8977-4c74

CVSS3: 6.1

github

больше 3 лет назад

controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character.

EPSS

Процентиль: 47%

0.0024

Низкий

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79