Cross-Site Scripting in phpwcms by Slackero
CVE-2017-15872

4.8MEDIUM

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 24 October 2017

What is CVE-2017-15872?

The phpwcms version 1.8.9 is susceptible to a Cross-Site Scripting (XSS) vulnerability that occurs within the 'username' input fields of the admin edit user and new user templates. An attacker can exploit this flaw to execute arbitrary JavaScript code in the context of the user's session, potentially leading to unauthorized actions and data theft.

References

https://github.com/slackero/phpwcms/commit/90ee94a474b379...

x_refsource_CONFIRM

https://github.com/slackero/phpwcms/commit/62c7c4a7a7de5e...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Oct 24, 2017

JSON

PHPwcms

What is CVE-2017-15872?

References

CVSS V3.1

Timeline