Magnolia CMS up to 6.2.3 setText cross site scripting


A vulnerability classified as problematic was found in Magnolia CMS up to 6.2.3 (Content Management System). It affects unknown code in the file /magnoliaAuthor/.magnolia/. Upgrading to version 6.2.4 eliminates this vulnerability. The upgrade is available for download at docs.magnolia-cms.com.

| Field | 04/03/2021 02:37 AM | 04/08/2021 08:17 AM | 04/08/2021 08:22 AM |
|---|---|---|---|
| vendor | Magnolia | Magnolia | Magnolia |
| name | CMS | CMS | CMS |
| version | <=6.2.3 | <=6.2.3 | <=6.2.3 |
| file | /magnoliaAuthor/.magnolia/ | /magnoliaAuthor/.magnolia/ | /magnoliaAuthor/.magnolia/ |
| argument | setText | setText | setText |
| cwe | 79 (cross site scripting) | 79 (cross site scripting) | 79 (cross site scripting) |
| risk | 1 | 1 | 1 |
| cvss3_vuldb_av | N | N | N |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_ui | R | R | R |
| cvss3_vuldb_c | N | N | N |
| cvss3_vuldb_i | L | L | L |
| cvss3_vuldb_a | N | N | N |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | C | C | C |
| url | https://www.itas.vn/itas-security-team-found-multi-vulnerabilities-on-magnolia-cms-platform/ | https://www.itas.vn/itas-security-team-found-multi-vulnerabilities-on-magnolia-cms-platform/ | https://www.itas.vn/itas-security-team-found-multi-vulnerabilities-on-magnolia-cms-platform/ |
| confirm_url | https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes | https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes | https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes |
| name | Upgrade | Upgrade | Upgrade |
| upgrade_version | 6.2.4 | 6.2.4 | 6.2.4 |
| upgrade_url | https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes | https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes | https://docs.magnolia-cms.com/product-docs/Releases/Release-notes-for-Magnolia-CMS-6.2.4.html#ReleasenotesforMagnoliaCMS6.2.4-Notablebugfixes |
| cve | CVE-2021-25893 | CVE-2021-25893 | CVE-2021-25893 |
| date | 1617400800 (04/03/2021) | 1617400800 (04/03/2021) | 1617400800 (04/03/2021) |
| type | Content Management System | Content Management System | Content Management System |
| cvss2_vuldb_av | N | N | N |
| cvss2_vuldb_ac | L | L | L |
| cvss2_vuldb_ci | N | N | N |
| cvss2_vuldb_ii | P | P | P |
| cvss2_vuldb_ai | N | N | N |
| cvss2_vuldb_rc | C | C | C |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_e | ND | ND | ND |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_e | X | X | X |
| cvss2_vuldb_basescore | 4.0 | 4.0 | 4.0 |
| cvss2_vuldb_tempscore | 4.0 | 3.5 | 3.5 |
| cvss3_vuldb_basescore | 3.5 | 3.5 | 3.5 |
| cvss3_vuldb_tempscore | 3.5 | 3.4 | 3.4 |
| cvss3_meta_basescore | 3.5 | 3.5 | 4.4 |
| cvss3_meta_tempscore | 3.5 | 3.4 | 4.3 |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| cve_assigned | | 1611270000 | 1611270000 |
| cve_nvd_summary | | Magnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. | Magnolia CMS From 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. |
| cvss3_nvd_av | | | N |
| cvss3_nvd_ac | | | L |
| cvss3_nvd_pr | | | L |
| cvss3_nvd_ui | | | R |
| cvss3_nvd_s | | | C |
| cvss3_nvd_c | | | L |
| cvss3_nvd_i | | | L |
| cvss3_nvd_a | | | N |
| cvss2_nvd_av | | | N |
| cvss2_nvd_ac | | | M |
| cvss2_nvd_au | | | S |
| cvss2_nvd_ci | | | N |
| cvss2_nvd_ii | | | P |
| cvss2_nvd_ai | | | N |
| cvss2_nvd_basescore | | | 3.5 |
| cvss3_nvd_basescore | | | 5.4 |
