CVE-2018-11512
Last modified
CVE-2018-11512 is a vulnerability of currently unknown severity. Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.. EPSS estimates a 2.18% chance of exploitation in the next 30 days.
Description
Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to admin/settings/general.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Creatiwity | Witycms | 0.6.1 |
References
- https://github.com/Creatiwity/wityCMS/issues/150Exploit, Issue Tracking, Patch, Third Party Advisory
- https://www.exploit-db.com/exploits/44790/Exploit, Patch, Third Party Advisory, VDB Entry
- https://github.com/Creatiwity/wityCMS/issues/150Exploit, Issue Tracking, Patch, Third Party Advisory
- https://www.exploit-db.com/exploits/44790/Exploit, Patch, Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2018-11512?
How severe is CVE-2018-11512?
How do I fix CVE-2018-11512?
Are you affected by CVE-2018-11512?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST