CVE-2018-11332

MEDIUM

Clippercms - XSS

Title source: rule

Description

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

Exploits (1)

exploitdb WORKING POC

by Nathu Nandwani · textwebappsphp

https://www.exploit-db.com/exploits/44775

View Code ZIP pw:eip

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/ClipperCMS/ClipperCMS/issues/483

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/44775/

Scores

CVSS v3 4.8

EPSS 0.0023

EPSS Percentile 45.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

clippercms/clippercms 1.3.3

Published May 24, 2018

Tracked Since Feb 18, 2026