First published: Mon Jan 11 2021(Updated: )
XSS exists in JIZHICMS 1.7.1 via index.php/Wechat/checkWeixin?signature=1&echostr={XSS] to Home/c/WechatController.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Jizhicms Jizhicms | =1.7.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this JIZHICMS vulnerability is CVE-2020-23643.
The severity rating of CVE-2020-23643 is medium with a CVSS score of 6.1.
The XSS vulnerability in JIZHICMS 1.7.1 occurs in the index.php/Wechat/checkWeixin endpoint by allowing an attacker to inject malicious code through the 'signature' parameter.
The affected software version for CVE-2020-23643 is JIZHICMS 1.7.1.
Yes, a fix for this vulnerability may be available through the JIZHICMS project's official GitHub repository.