Cross-Site Scripting vulnerabilities in Jetbox CMS

vendor:

Jetbox CMS

by:

5.5

CVSS

MEDIUM

Cross-Site Scripting (XSS)

CWE

Product Name: Jetbox CMS

Affected Version From: 2.1

Affected Version To: 2.1

Patch Exists: NO

Related CWE:

CPE: a:jetbox_cms_project:jetbox_cms:2.1

Metasploit:

Other Scripts:

Platforms Tested:

Cross-Site Scripting vulnerabilities in Jetbox CMS

Jetbox CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches and updates from the vendor. Additionally, input validation and output encoding should be implemented to sanitize user-supplied data.

Source

Cross-Site Scripting vulnerabilities in Jetbox CMS

Mitigation:

Exploit-DB raw data: