| Título | Sitemagic CMS v4.4.1 - /sitemagic/upgrade.php Cross-Site-Scripting (XSS) |
|---|
| Descripción | A vulnerability was found in Sitemagic CMS 4.4.1 (Content Management System). It has been declared as problematic. Affected by this vulnerability is the UpgradeMode POST parameter of the file /sitemagic/upgrade.php. The manipulation with the input value %3Cscript%3Ealert(document.cookie)%3C%2fscript%3E leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. As an impact it is known to affect confidentiality. An attacker might be able to inject arbitrary html and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors.
The weakness was disclosed 10/21/2019 (GitHub Repository). It is possible to read the advisory at github.com. This vulnerability is known as CVE-2019-18219. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. |
|---|
| Fuente | ⚠️ https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt |
|---|
| Usuario | Anonymous User |
|---|
| Sumisión | 2019-10-22 13:30 (hace 7 años) |
|---|
| Moderación | 2019-10-23 08:30 (19 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 144033 [Codemagic Sitemagic CMS 4.4.1 /sitemagic/upgrade.php secuencias de comandos en sitios cruzados] |
|---|
| Puntos | 20 |
|---|