Vulners
Lucene search
Fiyo CMS 2.0.2.1 Cross Site Scripting
`*1. Introduction*
Affected Product: Fiyo CMS 2.0.2.1
Fixed in: Fiyo CMS 2.0.6
Fixed Version Link:
http://www.fiyo.org/blog/versi-2-0-6-banyak-perubahan-untuk-stabilitas
Vendor Website: http://www.fiyo.org/
Vulnerability Type: Persistent XSS
Remote Exploitable: Yes
Reported to vendor: 28/12/2015
Fixed by Vendor: 15/01/2016
CVE:
*2. Overview*
There are multiple persistent XSS vulnerabilities in Fiyo CMS 2.0.2.1. The
vulnerabilities exist due to insufficient filtration of user-supplied data.
A remote attacker can execute arbitrary HTML and script code in browser in
context of the vulnerable application.
*3. Affected Modules*
Affected fields in the modules are listed below:
i. Users
User Group -> Group Name, Description
ii. Modules
Module Details->Judul Modul, Posisi
iii. Menus
Main Menu-> Menu Details->Nama
Footer Menu-> Menu Details->Nama
Categories->Menu Details->Judul Kategori
Admin Panel-> Menu Details->Nama
Attached POC.
*4. Payload*
<script>alert('XSS')</script>
*5. Credit*
Himanshu Mehta
*6. Tested By*
Himanshu Mehta and Sachin Wagh
[email protected]
[email protected]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Feb 2016 00:00Current
0.1Low risk
Vulners AI Score0.1