Vulnerability Details CVE-2020-17451
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.4%
CVSS Severity
CVSS v3 Score 4.8
CVSS v2 Score 3.5
Products affected by CVE-2020-17451
- cpe:2.3:a:flatcore:flatcore:-
- cpe:2.3:a:flatcore:flatcore:1.0
- cpe:2.3:a:flatcore:flatcore:1.1
- cpe:2.3:a:flatcore:flatcore:1.1.1
- cpe:2.3:a:flatcore:flatcore:1.3
- cpe:2.3:a:flatcore:flatcore:1.4
- cpe:2.3:a:flatcore:flatcore:1.4.5
- cpe:2.3:a:flatcore:flatcore:1.4.6
- cpe:2.3:a:flatcore:flatcore:1.4.7
- cpe:2.3:a:flatcore:flatcore:1.4.7.4
- cpe:2.3:a:flatcore:flatcore:1.5
- cpe:2.3:a:flatcore:flatcore:1.5.4
- cpe:2.3:a:flatcore:flatcore:1.5.5