Vulnerability CVE-2017-10967

Vulnerability CVE-2017-10967

Published: 2017-07-06 Modified: 2017-07-13

Description:

In FineCMS before 2017-07-06, application\core\controller\config.php allows XSS in the (1) key_name, (2) key_value, and (3) meaning parameters.

Vendor: Finecms project

Product: Finecms

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score	Impact Subscore	Exploitability Subscore
4.3/10	2.9/10	8.6/10

Exploit range	Attack complexity	Authentication
Remote	Medium	No required
Confidentiality impact	Integrity impact	Availability impact
None	Partial	None

References:

https://github.com/andrzuk/FineCMS/pull/9

	Related CVE
CVE-2017-14195	The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 might have XSS related to the Referer HTTP header with Internet Explorer.
CVE-2017-14194	The out function in controllers/member/Login.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
CVE-2017-14193	The oauth function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the Referer HTTP header with Internet Explorer.
CVE-2017-14192	The checktitle function in controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the module field.
CVE-2017-13697	controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to the dirname variable.
CVE-2017-12774	finecms in 1.9.5\controllers\member\ContentController.php allows remote attackers to operate website database
CVE-2017-11202	FineCMS through 2017-07-12 allows XSS in visitors.php because JavaScript in visited URLs is not restricted either during logging or during the reading of logs, a different vulnerability than CVE-2017-11180.
CVE-2017-11198	Cross-site scripting (XSS) vulnerability in /application/lib/ajax/get_image.php in FineCMS through 2017-07-12 allows remote attackers to inject arbitrary web script or HTML via the folder, id, or name parameter.

Copyright 2017, cxsecurity.com