Cross-Site Scripting (XSS) vulnerability on WideStand CMS of Acilia
Posted date 02/08/2023
Identifier
INCIBE-2023-0318
Importance
3 - Medium
Affected Resources
WideStand CMS, versions 5.3.5 and prior.
Description
INCIBE has coordinated the publication of a vulnerability affecting WideStand CMS, a professional CMS solution developed by Acilia and based on the Symfony framework. The vulnerability was discovered by Ángel Heredia Pérez, of Telefónica Tech.
The following code has been assigned to this vulnerability:
CVE-2023-4090:
- CVSS v3.1 base score: 5.4.
- CVSS vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.
- Vulnerability type: CWE-79: Improper Neutralization of Input During Web Page Generation (Cross-site Scripting).
Solution
There is no reported solution at this time.
Detail
CVE-2023-4090: Reflected Cross-Site Scripting (XSS) vulnerability in WideStand up to version 5.3.5. The application generates one of the meta tags directly from the content of the queried URL, which would allow an attacker to inject HTML/JavaScript code into the response.
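The following is an added illustration of the flaw class described above, not WideStand or Acilia code: the same meta tag built by raw concatenation and with attribute-context encoding, plus a parser-based regression check a maintainer could run against rendered output. The `og:url` tag, the function names and the sample URL are assumptions constructed for this example; the advisory does not state which meta tag is affected.

```python
from html import escape
from html.parser import HTMLParser

# Constructed sample: the request URL as the application sees it, carrying
# a harmless marker that tries to close the attribute and open a new element.
SAMPLE_URL = 'https://cms.example/news?ref="><b>injected</b>'


def meta_unsafe(url: str) -> str:
    """Pattern from the advisory: URL content placed in the tag unmodified."""
    return '<meta property="og:url" content="' + url + '">'


def meta_safe(url: str) -> str:
    """Attribute-context encoding: & < > " ' are emitted as entities."""
    return '<meta property="og:url" content="' + escape(url, quote=True) + '">'


class TagCollector(HTMLParser):
    """Records each start tag with the attributes the parser assigns to it."""

    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))


def parsed_tags(fragment: str):
    collector = TagCollector()
    collector.feed(fragment)
    collector.close()
    return collector.tags


def reflects_safely(fragment: str, url: str) -> bool:
    """True only if the fragment parses to a single <meta> element whose
    content attribute decodes back to exactly the reflected URL."""
    tags = parsed_tags(fragment)
    return (len(tags) == 1 and tags[0][0] == "meta"
            and tags[0][1].get("content") == url)


if __name__ == "__main__":
    for build in (meta_unsafe, meta_safe):
        out = build(SAMPLE_URL)
        print(build.__name__, reflects_safely(out, SAMPLE_URL), out)
```

The check compares parsed structure rather than searching for specific strings, so it flags any reflected value that changes the element count or truncates the attribute.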