An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the wFilemanager.php
and index.php
files of the /grid5/scripts/
modules. The injection point is located in the Project Title
and the execution point occurs in the Inhaltsprojekte
output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST.
CPE | Name | Operator | Version |
---|---|---|---|
cms_core_\\&_grid | eq | 12.6.24 |