CVE-2017-7202

MEDIUM

SLiMS 7 Cendana <2017-03-16 - XSS

Title source: llm

Description

Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. The vulnerabilities exist due to insufficient filtration of user-supplied data (id) passed to the 'slims7_cendana-master/template/default/detail_template.php' and 'slims7_cendana-master/template/default-rtl/detail_template.php' URLs. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

References (2)

[Exploit, Third Party Advisory] https://github.com/slims/slims7_cendana/issues/50

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97004

Scores

CVSS v3 6.1

EPSS 0.0024

EPSS Percentile 47.0%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (2)

n/a/n/a

slims/slims7_cendana < 62b8ee8b51be89fc65e0d59b01c3724737f9da20

Timeline

Published Mar 21, 2017

Tracked Since Feb 18, 2026