CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-11611

Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The vulnerability exists due to insufficient sanitization of the file name in a "create-file-popup" action, and the directory name in a "create-directory-popup" action, in the HTTP POST method to the "/plugin/file_manager/" script (aka an /admin/plugin/file_manager/browse// URI).

Exploit prediction scoring system (EPSS) score

EPSS Score 0.013

EPSS Ranking 79.2%

CVSS Severity

CVSS v3 Score 5.4

CVSS v2 Score 3.5

References

https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc
https://github.com/faizzaidi/Wolfcms-v0.8.3.1-xss-POC-by-Provensec-llc

Products affected by CVE-2017-11611

Wolfcms » Wolf Cms » Version: 0.8.3.1

cpe:2.3:a:wolfcms:wolf_cms:0.8.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-11611

Products

Pricing

Contact Us