Stored XSS Vulnerability in Chevereto CMS Affecting User Profiles and Exif Data Parser
CVE-2017-1000058

6.1MEDIUM

Key Information:

Vendor

Chevereto

Status
Vendor
CVE Published:
17 July 2017

What is CVE-2017-1000058?

The Chevereto CMS prior to version 3.8.11 is susceptible to stored Cross-Site Scripting (XSS) attacks. This vulnerability allows an attacker to inject malicious scripts into user profiles and the Exif data parser, which can lead to the execution of arbitrary scripts in the context of authenticated users. By exploiting this flaw, attackers could compromise user accounts and potentially gain unauthorized access to sensitive information. It is crucial for users of affected versions to update to the latest release to mitigate the associated risks.

References

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.