Description
Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.
References
https://github.com/TL-swallow/swallow/issues/14
ExploitIssue TrackingThird Party Advisory
https://github.com/TL-swallow/swallow/issues/14
ExploitIssue TrackingThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 · Medium
Information
Source identifier
Vulnerability status
Modified
Published
2021-09-15T12:15:08.397Z
4 years agoLast modified
2024-11-21T04:08:59.693Z
1 year ago