Описание
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
Ссылки
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wtcms_project:wtcms:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00083
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 4.8
github
больше 1 года назад
An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS).
EPSS
Процентиль: 24%
0.00083
Низкий
4.8 Medium
CVSS3
Дефекты
CWE-79