2 matches found
CVE-2019-8439
DiliCMS 2.4.0 has a Stored XSS vulnerability in the site_domain field (second textbox) under System setting -> site setting in admin/index.php. CNVD-2019-07939 notes this allows a remote attacker to inject arbitrary script/HTML; the CMS is described as based on CodeIgniter. No exploit specific...
CVE-2019-8439
An issue was discovered in DiliCMS 2.4.0. There is a Stored XSS Vulnerability in the second textbox of "System setting-site setting" of admin/index.php, aka sitedomain...