CVE-2020-15183 – Reflected XSS leading to RCE in SoyCMS

https://notcve.org/view.php?id=CVE-2020-15183

SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the adminsitrator loads a specially crafted webpage. SoyCMS versiones 3.0.2 y anteriores, están afectadas por una vulnerabilidad de tipo Cross-Site Scripting (XSS) Reflejado que conlleva a una Ejecución de Código Remota (RCE) a partir de una vulnerabilidad conocida. Esto permite a atacantes remotos forzar al administrador a editar archivos una vez que el administrador carga una página web especialmente diseñada • https://github.com/inunosinsi/soycms/commit/045a222016f99b56557b0d8f39bbfc653d2c4707 https://github.com/inunosinsi/soycms/security/advisories/GHSA-33q6-4xmp-2f48 https://youtu.be/uAMAwH35ups • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •