Cross Site Scripting (XSS) in Qibosoft QiboCMS v7 and earlier allows remote attackers to execute arbitrary code or obtain sensitive information by injecting arbitrary commands in a HTTP request to the "ewebeditor\3.1.1\kindeditor.js" component.
References
Link | Resource |
---|---|
https://github.com/hpj233/qibocms/blob/master/v7 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-04-28T15:18:42
Updated: 2021-04-28T15:18:42
Reserved: 2020-08-13T00:00:00
Link: CVE-2020-18022
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-04-28T16:15:08.093
Modified: 2021-05-10T14:13:03.960
Link: CVE-2020-18022
JSON object: View
Redhat Information
No data.
CWE