Description
FormCms v0.5.5 contains a stored cross-site scripting (XSS) vulnerability in the avatar upload feature. Authenticated users can upload .html files containing malicious JavaScript, which are accessible via a public URL. When a privileged user accesses the file, the script executes in their browser context.
References
- Exploit, Issue Tracking
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 0.5.5 (inclusive) to 0.5.7 (exclusive)
cpe:2.3:a:formcms:formcms:*:*:*:*:*:*:*:*
EPSS: 0.00033 (percentile: 9%, Low)
CVSS3: 6.1 Medium
Weaknesses
CWE-79
Related vulnerabilities
github
5 months ago
FormCms avatar upload feature has a stored cross-site scripting (XSS) vulnerability
EPSS: 0.00033 (percentile: 9%, Low)
CVSS3: 6.1 Medium
Weaknesses
CWE-79