Cross-Site Scripting Vulnerabilities in UliCMS by UliCMS Team
CVE-2019-11398

6.1MEDIUM

Key Information:

Vendor

Ulicms

Status
Ulicms
Vendor
CVE Published:
8 May 2019

What is CVE-2019-11398?

Multiple cross-site scripting (XSS) vulnerabilities have been identified in UliCMS versions 2019.1 and 2019.2. These vulnerabilities allow attackers to exploit the go parameter to admin/index.php, the go parameter in the registration process, and the error parameter when accessing admin/index.php?action=favicon. Successful exploitation can lead to unauthorized execution of arbitrary web scripts or HTML on the affected instance, posing significant security risks.

References

https://en.ulicms.de/
x_refsource_MISC
https://www.exploit-db.com/exploits/46741/
x_refsource_MISC
http://packetstormsecurity.com/files/153219/UliCMS-2019.1...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.