A vulnerability classified as problematic was found in AlexanderLivanov FotosCMS2 up to 2.4.3. This vulnerability affects unknown code of the file profile.php of the component Cookie Handler. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-243802 is the identifier assigned to this vulnerability.
References
Link | Resource |
---|---|
https://github.com/AlexanderLivanov/FotosCMS2/issues/18 | Exploit Issue Tracking |
https://vuldb.com/?ctiid.243802 | Permissions Required |
https://vuldb.com/?id.243802 | Permissions Required |
Configurations
History
07 Nov 2023, 19:45
Type | Values Removed | Values Added |
---|---|---|
First Time |
Alexanderlivanov fotoscms2
Alexanderlivanov |
|
CPE | cpe:2.3:a:alexanderlivanov:fotoscms2:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.1 |
References | (MISC) https://github.com/AlexanderLivanov/FotosCMS2/issues/18 - Exploit, Issue Tracking | |
References | (MISC) https://vuldb.com/?id.243802 - Permissions Required | |
References | (MISC) https://vuldb.com/?ctiid.243802 - Permissions Required |
28 Oct 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-28 22:15
Updated : 2024-05-17 02:33
NVD link : CVE-2023-5837
Mitre link : CVE-2023-5837
CVE.ORG link : CVE-2023-5837
JSON object : View
Products Affected
alexanderlivanov
- fotoscms2
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')