Cross-Site Scripting Vulnerability in Sitemagic CMS from Jemt
CVE-2019-18219

6.1MEDIUM

Key Information:

Vendor

Sitemagic

Status
Sitemagic
Vendor
CVE Published:
23 October 2019

What is CVE-2019-18219?

Sitemagic CMS version 4.4.1 is impacted by a Cross-Site Scripting (XSS) vulnerability due to inadequate validation of user input. This weakness exists in components such as index.php and upgrade.php, permitting the injection of malicious JavaScript through both GET and POST requests. Attackers can exploit this vulnerability via a crafted URL or by manipulating the UpgradeMode POST parameter, potentially compromising the integrity and security of the affected web applications.

References

https://github.com/Jemt/SitemagicCMS/blob/master/changelo...
x_refsource_MISC
https://vuldb.com/?id.144007
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.