Cross-Site Scripting Vulnerability in phpwcms by p1g3
CVE-2020-19855

6.1MEDIUM

Key Information:

Vendor: PHPwcms
Status: PHPwcms
Vendor: CVE Published:; 8 September 2021

What is CVE-2020-19855?

The phpwcms version 1.9 contains a cross-site scripting (XSS) vulnerability in the /image_zoom.php component. This flaw allows attackers to inject malicious scripts into the web pages viewed by users, potentially compromising user data and web application integrity. It is essential for users and administrators to understand the implications of this vulnerability and apply necessary mitigations.

References

https://github.com/p1g3/CVE_REQUEST/blob/master/PHPWCMS%2...

x_refsource_MISC

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Sep 8, 2021
Vulnerability Reserved
Aug 13, 2020

JSON

PHPwcms

What is CVE-2020-19855?

References

CVSS V3.1

Timeline