Vulnerability CVE-2020-28092


Published: 2020-11-17   Modified: 2020-11-18

Description:
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=

See advisories in our WLB2 database:
Topic
Author
Date
Low
PESCMS TEAM 2.3.2 Cross Site Scripting
icekam
21.11.2020

Type:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

 References:
https://github.com/lazyphp/PESCMS-TEAM/issues/6

Copyright 2024, cxsecurity.com

 

Back to Top