| 제목 | Sitemagic CMS v4.4.1 - /sitemagic/upgrade.php Cross-Site-Scripting (XSS) |
|---|
| 설명 | A vulnerability was found in Sitemagic CMS 4.4.1 (Content Management System). It has been declared as problematic. Affected by this vulnerability is the UpgradeMode POST parameter of the file /sitemagic/upgrade.php. The manipulation with the input value %3Cscript%3Ealert(document.cookie)%3C%2fscript%3E leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. As an impact it is known to affect confidentiality. An attacker might be able to inject arbitrary html and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors.
The weakness was disclosed 10/21/2019 (GitHub Repository). It is possible to read the advisory at github.com. This vulnerability is known as CVE-2019-18219. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. |
|---|
| 원천 | ⚠️ https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt |
|---|
| 사용자 | Anonymous User |
|---|
| 제출 | 2019. 10. 22. PM 01:30 (7 연령 ago) |
|---|
| 모더레이션 | 2019. 10. 23. AM 08:30 (19 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 144033 [Codemagic Sitemagic CMS 4.4.1 /sitemagic/upgrade.php 크로스 사이트 스크립팅] |
|---|
| 포인트들 | 20 |
|---|