PublicCMS 4.0 is vulnerable to Cross Site Scripting (XSS). Because files can be uploaded and online preview function is provided, pdf files and html files containing malicious code are uploaded, an XSS popup window is realized through online viewing.
References
Link | Resource |
---|---|
https://github.com/sanluan/PublicCMS/issues/79 | Exploit Issue Tracking |
https://github.com/sanluan/PublicCMS/issues/79 | Exploit Issue Tracking |
Configurations
History
21 Nov 2024, 08:37
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/sanluan/PublicCMS/issues/79 - Exploit, Issue Tracking |
16 Jan 2024, 14:52
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.4 |
CPE | cpe:2.3:a:publiccms:publiccms:4.0:*:*:*:*:*:*:* | |
First Time |
Publiccms publiccms
Publiccms |
|
References | () https://github.com/sanluan/PublicCMS/issues/79 - Exploit, Issue Tracking | |
CWE | CWE-79 |
10 Jan 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-10 09:15
Updated : 2024-11-21 08:37
NVD link : CVE-2023-51252
Mitre link : CVE-2023-51252
CVE.ORG link : CVE-2023-51252
JSON object : View
Products Affected
publiccms
- publiccms
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')