Magnolia CMS up to 6.2.3 setText cross site scripting

entryeditHistoryDiffjsonxmlCTI

A vulnerability, which was classified as problematic, was found in Magnolia CMS up to 6.2.3 (Content Management System). This affects an unknown code of the file /magnoliaAuthor/.magnolia/. Upgrading to version 6.2.4 eliminates this vulnerability. The upgrade is hosted for download at docs.magnolia-cms.com.

Field	04/03/2021 02:37 AM	04/08/2021 08:17 AM	04/08/2021 08:22 AM
vendor	Magnolia	Magnolia	Magnolia
name	CMS	CMS	CMS
version	<=6.2.3	<=6.2.3	<=6.2.3
file	/magnoliaAuthor/.magnolia/	/magnoliaAuthor/.magnolia/	/magnoliaAuthor/.magnolia/
argument	setText	setText	setText
cwe	79 (cross site scripting)	79 (cross site scripting)	79 (cross site scripting)
risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_rl	O	O	O
cvss3_vuldb_rc	C	C	C
url	https://www.itas.vn/itas-security-team-found-multi-vulnerabilities-on-magnolia-cms-platform/	https://www.itas.vn/itas-security-team-found-multi-vulnerabilities-on-magnolia-cms-platform/	https://www.itas.vn/itas-security-team-found-multi-vulnerabilities-on-magnolia-cms-platform/
confirm_url	https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes	https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes	https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes
name	Upgrade	Upgrade	Upgrade
upgrade_version	6.2.4	6.2.4	6.2.4
upgrade_url	https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes	https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes	https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes
cve	CVE-2021-25893	CVE-2021-25893	CVE-2021-25893
date	1617400800 (04/03/2021)	1617400800 (04/03/2021)	1617400800 (04/03/2021)
type	Content Management System	Content Management System	Content Management System
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_rc	C	C	C
cvss2_vuldb_rl	OF	OF	OF
cvss2_vuldb_au	S	S	S
cvss2_vuldb_e	ND	ND	ND
cvss3_vuldb_pr	L	L	L
cvss3_vuldb_s	U	U	U
cvss3_vuldb_e	X	X	X
cvss2_vuldb_basescore	4.0	4.0	4.0
cvss2_vuldb_tempscore	4.0	3.5	3.5
cvss3_vuldb_basescore	3.5	3.5	3.5
cvss3_vuldb_tempscore	3.5	3.4	3.4
cvss3_meta_basescore	3.5	3.5	4.4
cvss3_meta_tempscore	3.5	3.4	4.3
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_assigned		1611270000	1611270000
cve_nvd_summary		Magnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.	Magnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/.
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			L
cvss3_nvd_ui			R
cvss3_nvd_s			C
cvss3_nvd_c			L
cvss3_nvd_i			L
cvss3_nvd_a			N
cvss2_nvd_av			N
cvss2_nvd_ac			M
cvss2_nvd_au			S
cvss2_nvd_ci			N
cvss2_nvd_ii			P
cvss2_nvd_ai			N
cvss2_nvd_basescore			3.5
cvss3_nvd_basescore			5.4

◂ Previous Overview Next ▸

Interested in the pricing of exploits?

See the underground prices here!