FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-10157)

FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the search page in FineCMS versions 2017-05-28 and earlier. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTM...

FineCMS Cross-Site Scripting Vulnerability (CNVD-2017-10156)

FineCMS is a content management system CMS developed using MVC architecture and PDO database interface. A cross-site scripting vulnerability exists in the sitename parameter in the admin.php script of FineCMS 2017-05-28 and earlier versions. An attacker can exploit this vulnerability to inject...

Cross site scripting

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter to admin.php...

CVE-2017-9252

andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in the search page via the text-search parameter to index.php in a route=search action...

CVE-2017-9251

FineCMS prior to 2017-05-28 is vulnerable to a reflected XSS in the sitename parameter of admin.php. The vulnerability is confirmed across multiple sources; the root cause is unsanitized input reflected in the sitename field. Impact is XSS (arbitrary script/HTML execution) in affected pages. Expl...

PT-2017-18808 · Andrzuk · Finecms

Name of the Vulnerable Software and Affected Versions: andrzuk/FineCMS versions prior to 2017-05-28 Description: The issue is related to a reflected XSS in the search page. This occurs via the text-search parameter to "index.php" in a "route=search" action. Recommendations: For versions prior to...