vendor:
Barebones CMS
by:
tmrswrr
N/A
CVSS
HIGH
Stored Cross-Site Scripting (XSS)
79
CWE
Product Name: Barebones CMS
Affected Version From: v2.0.2
Affected Version To: v2.0.2
Patch Exists: NO
Related CWE:
CPE: a:cubiclesoft:barebones_cms:2.0.2
Platforms Tested:
2023
Barebones CMS v2.0.2 – Stored Cross-Site Scripting (XSS) (Authenticated)
An authenticated user can inject malicious JavaScript code in the title field of a new story, leading to stored cross-site scripting (XSS) vulnerability. This allows the attacker to execute arbitrary code in the context of the affected website's users.
Mitigation:
To mitigate this vulnerability, input validation and output encoding should be implemented to prevent the execution of malicious scripts. Additionally, user input should be sanitized to remove any potentially harmful code.