An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.
References
Link | Resource |
---|---|
https://github.com/sanluan/PublicCMS/issues/22 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-04T06:00:00
Updated: 2018-11-04T06:57:01
Reserved: 2018-11-04T00:00:00
Link: CVE-2018-18927
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-11-04T05:29:00.477
Modified: 2018-12-11T19:25:39.597
Link: CVE-2018-18927
JSON object: View
Redhat Information
No data.
CWE