CVE-2020-19158: XSS
First published: Wed Sep 15 2021(Updated: )
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| S-cms S-cms | =2019-10-14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-19158.
What is the severity rating of CVE-2020-19158?
The severity rating of CVE-2020-19158 is medium with a score of 5.4.
How does the vulnerability CVE-2020-19158 occur?
The vulnerability CVE-2020-19158 occurs due to Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier.
What is the impact of CVE-2020-19158?
CVE-2020-19158 allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the '/data/admin/#/app/config/' component.
Where can I find more information about CVE-2020-19158?
More information about CVE-2020-19158 can be found at this link: [https://github.com/TL-swallow/swallow/blob/master/S-CMS%20XSS1.docx](https://github.com/TL-swallow/swallow/blob/master/S-CMS%20XSS1.docx)
- collector/nvd-index
- agent/references
- agent/author
- agent/weakness
- agent/severity
- agent/tags
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/s-cms
- canonical/s-cms s-cms
- version/s-cms s-cms/2019-10-14