CVE-2019-8438

2019-03-0723:29:01

Google

osv.dev

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

24.8%

JSON

An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the first textbox of “System setting->site setting” of admin/index.php, aka site_name.

CPENameOperatorVersion
dilicmseq2.2.0-rc.1
dilicmseq2.4.0
dilicmseq2.0Final
dilicmseq2.1.1
dilicmseq2.1.2
dilicmseq2.2.0-rc.2
dilicmseq2.1.0
dilicmseq2.0
dilicmseq2.3.1
dilicmseq2.1.3

Name	Operator	Version
dilicms	eq	2.2.0-rc.1
dilicms	eq	2.4.0
dilicms	eq	2.0Final
dilicms	eq	2.1.1
dilicms	eq	2.1.2
dilicms	eq	2.2.0-rc.2
dilicms	eq	2.1.0
dilicms	eq	2.0
dilicms	eq	2.3.1
dilicms	eq	2.1.3

References

github.com/chekun/DiliCMS/issues/61