CVE-2017-11629
MEDIUM NUCLEI
finecms < 5.0.10 - Cross-Site Scripting via API Data2 Function Parameter
Title source: llm
Exploitation Summary
CVE-2017-11629 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.
Description
dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in controllers/api.php via the function parameter in a c=api&m=data2 request.
Nuclei Templates (1)
FineCMS <=5.0.10 - Cross-Site Scripting
MEDIUM VERIFIED by ritikchaddha
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
http://lorexxar.cn/2017/07/20/FineCMS%20multi%20vulnerablity%20before%20v5.0.9/#api-php-Reflected-XSS
Scores
CVSS v3
6.1
EPSS
0.0194
EPSS Percentile
77.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
finecms/finecms
< 5.0.10
Published
Jul 26, 2017
Tracked Since
Feb 18, 2026