S-CMS Cross-Site Scripting Vulnerability (CNVD-2018-26677)

S-CMS is a content management system CMS based on PHP and MySQL. A cross-site scripting vulnerability exists in the admin/demo.php file in S-CMS version 3.0, which stems from the program's failure to filter the 'Tid' parameter, which can be exploited by remote attackers to inject arbitrary Web...

PT-2018-15401 · S Cms · S-Cms

Name of the Vulnerable Software and Affected Versions: S-CMS version 3.0 Description: An issue in S-CMS allows cross-site scripting XSS attacks via the T id parameter in the "admin/demo.php" API endpoint. Recommendations: For S-CMS version 3.0, avoid using the T id parameter in the "admin/demo.ph...