CVE-2017-11629 - OpenCVE

dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.

No CVSS v3.1

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors	Products
Finecms	Finecms

Configuration 1 [-]

cpe:2.3:a:finecms:finecms:*:*:*:*:*:*:*:*

References

Link	Resource
http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-07-26T08:00:00

Updated: 2017-07-26T07:57:01

Reserved: 2017-07-25T00:00:00

Link: CVE-2017-11629

JSON object: View

NVD Information

Status : Analyzed

Published: 2017-07-26T08:29:00.243

Modified: 2017-08-09T19:44:52.343

Link: CVE-2017-11629

JSON object: View

Redhat Information

No data.

CWE