| Vendor |
|
| Product | Weblication CMS |
| Affected Version(s) | 17 and probably prior |
| Tested Version(s) | 17 |
| Vendor Notification | 24 January 2023 |
| Advisory Publication | 24 January 2023 [without technical details] |
| Vendor Fix | N/A |
| Public Disclosure | 24 January 2023 |
| Latest Modification | 24 January 2023 |
| CVE Identifier | Pending |
| Product Description | Das XML Content-Management-System |
| Credits | Patrik Fabian Security Researcher & Penetration Tester @wizlynx group |
| Reflected Cross-Site Scripting | |||
| Severity: Medium | CVSS Score: 6.1 | CWE-ID: CWE-79 | Status: Open |
| Vulnerability Description | |||
| The application Weblication CMS is affected by a reflected Cross-Site Scripting (XSS) vulnerability affecting version 17 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. | |||
| CVSS Base Score | |||
| Attack Vector | Reflected Cross-Site Scripting | Scope | Changed |
| Attack Complexity | Low | Confidentiality Impact | Low |
| Privileges Required | None | Integrity Impact | Low |
| User Interaction | Required | Availability Impact | None |
Full details about the vulnerability will be disclosed once the vendor has provided a patch.