Cross site scripting

2018-05-2416:29:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

51.2%

JSON

Stored cross-site scripting (XSS) vulnerability in the “Site Name” field found in the “site” tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

CPENameOperatorVersion
clippercmseq1.3.3

CPE	Name	Operator	Version
	clippercms	eq	1.3.3

References

github.com/ClipperCMS/ClipperCMS/issues/483

www.exploit-db.com/exploits/44775/

0.001 Low

EPSS

Percentile

51.2%

JSON

Related for PRION:CVE-2018-11332