FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180.
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-13T01:00:00

Updated: 2017-07-13T00:57:01

Reserved: 2017-07-12T00:00:00


Link: CVE-2017-11202

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2017-07-13T01:29:01.577

Modified: 2017-07-16T11:06:37.707


Link: CVE-2017-11202

JSON object: View

cve-icon Redhat Information

No data.

CWE