| Название | Sitemagic CMS v4.4.1 - /sitemagic/upgrade.php Cross-Site-Scripting (XSS) |
|---|
| Описание | A vulnerability was found in Sitemagic CMS 4.4.1 (Content Management System). It has been declared as problematic. Affected by this vulnerability is the UpgradeMode POST parameter of the file /sitemagic/upgrade.php. The manipulation with the input value %3Cscript%3Ealert(document.cookie)%3C%2fscript%3E leads to a cross site scripting vulnerability. The CWE definition for the vulnerability is CWE-79. As an impact it is known to affect confidentiality. An attacker might be able to inject arbitrary html and script code into the web site. This would alter the appearance and would make it possible to initiate further attacks against site visitors.
The weakness was disclosed 10/21/2019 (GitHub Repository). It is possible to read the advisory at github.com. This vulnerability is known as CVE-2019-18219. The attack can be launched remotely. The exploitation doesn't need any form of authentication. Technical details of the vulnerability are known, but there is no available exploit. |
|---|
| Источник | ⚠️ https://github.com/Jemt/SitemagicCMS/blob/master/changelog.txt |
|---|
| Пользователь | Anonymous User |
|---|
| Представление | 22.10.2019 13:30 (7 лет назад) |
|---|
| Модерация | 23.10.2019 08:30 (19 hours later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 144033 [Codemagic Sitemagic CMS 4.4.1 /sitemagic/upgrade.php межсайтовый скриптинг] |
|---|
| Баллы | 20 |
|---|