WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the Javascript code into Layout Name .
References
| Link | Resource |
|---|---|
| https://github.com/wolfcms/wolfcms/issues/667 | Exploit Third Party Advisory |
| https://github.com/wolfcms/wolfcms/issues/667 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 03:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/wolfcms/wolfcms/issues/667 - Exploit, Third Party Advisory |
Information
Published : 2018-03-13 15:29
Updated : 2024-11-21 03:39
NVD link : CVE-2018-1000084
Mitre link : CVE-2018-1000084
CVE.ORG link : CVE-2018-1000084
JSON object : View
Products Affected
wolfcms
- wolf_cms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')