CVE-2020-17451: XSS
First published: Sun Aug 09 2020(Updated: )
flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Flatcore Flatcore | <1.5.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-17451.
Which software versions are affected by this vulnerability?
Flatcore versions up to and excluding 1.5.7 are affected by this vulnerability.
What is the severity level of CVE-2020-17451?
The severity level of CVE-2020-17451 is medium with a CVSS score of 4.8.
How can an admin exploit this vulnerability?
An admin can exploit this vulnerability by using certain parameters in the 'pages' or 'system' section of the flatCore CMS admin control panel.
Are there any patches or updates available to fix this vulnerability?
Yes, updating flatCore to version 1.5.7 or above will fix this vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- vendor/flatcore
- canonical/flatcore flatcore