Stored XSS Vulnerability in Chevereto CMS Affecting User Profiles and Exif Data Parser
CVE-2017-1000058
6.1MEDIUM
What is CVE-2017-1000058?
The Chevereto CMS prior to version 3.8.11 is susceptible to stored Cross-Site Scripting (XSS) attacks. This vulnerability allows an attacker to inject malicious scripts into user profiles and the Exif data parser, which can lead to the execution of arbitrary scripts in the context of authenticated users. By exploiting this flaw, attackers could compromise user accounts and potentially gain unauthorized access to sensitive information. It is crucial for users of affected versions to update to the latest release to mitigate the associated risks.
