Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
References
Link | Resource |
---|---|
https://github.com/Creatiwity/wityCMS/issues/150 | Exploit Issue Tracking Patch Third Party Advisory |
https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44 | Patch |
https://www.exploit-db.com/exploits/44790/ | Exploit Patch Third Party Advisory VDB Entry |
Configurations
Information
Published : 2018-05-28 06:29
Updated : 2018-06-29 06:31
NVD link : CVE-2018-11512
Mitre link : CVE-2018-11512
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
creatiwity
- witycms