Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PopojiCMS Web Config install.php cross site scripting
Vulnerability Description
A vulnerability was found in PopojiCMS 2.0.1 and classified as problematic. This issue affects some unknown processing of the file install.php of the component Web Config. The manipulation of the argument Site Title with the input <script>alert(1)</script> leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-244229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Electron Technologies FZC PopojiCMS 跨站脚本漏洞
Vulnerability Description
Electron Technologies FZC PopojiCMS是美国Electron Technologies FZC公司的一套基于Popoji框架的开源内容管理系统(CMS)。 Electron Technologies FZC PopojiCMS 2.0.1版本存在跨站脚本漏洞,该漏洞源于组件 Web Config 中的 install.php 文件存在某些未知处理,通过某些参数会导致跨站脚本。
CVSS Information
N/A
Vulnerability Type
N/A