Publiccms: >> Publiccms >> 4.0 Security Vulnerabilities
Cross Site Scripting (XSS) vulnerability in PublicCMS 4.0 to get an admin cookie when the Administrator reviews submit case.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-07-09
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement.
CVSS Score
4.8
EPSS Score
0.002
Published
2018-11-04
Page 3