Описание
Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.
Ссылки
- ExploitIssue TrackingPatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:flatcore:flatcore:2.0.7:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00108
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79
Связанные уязвимости
CVSS3: 5.4
github
почти 3 года назад
Cross site scripting (XSS) vulnerability in flatCore-CMS 2.2.15 allows attackers to execute arbitrary code via description field on the new page creation form.
EPSS
Процентиль: 29%
0.00108
Низкий
5.4 Medium
CVSS3
Дефекты
CWE-79
CWE-79