CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18927
https://notcve.org/view.php?id=CVE-2018-18927
An issue was discovered in PublicCMS V4.0. It allows XSS by modifying the page_list "attached" attribute (which typically has 'class="icon-globe icon-large"' in its value), as demonstrated by an 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"' statement. Se ha descubierto un problema en PublicCMS V4.0. Permite Cross-Site Scripting (XSS) modificando el atributo "attached" de page_list (que normalmente tiene 'class="icon-globe icon-large"' en su valor), tal y como queda demostrado con una instrucción 'UPDATE sys_module SET attached = "[XSS]" WHERE id="page_list"'. • https://github.com/sanluan/PublicCMS/issues/22 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •