Description
A stored cross-site scripting (XSS) vulnerability in the "Website's name" field on the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name, submitted in an authenticated HTTP POST request to admin/settings/general.
References (3)
Core References
Patch (x_refsource_misc)
https://github.com/Creatiwity/wityCMS/commit/7967e5bf15b4d2ee6b85b56e82d7e1229147de44
Exploit, Patch, Third Party Advisory, VDB Entry (exploit, x_refsource_exploit-db)
https://www.exploit-db.com/exploits/44790/
Exploit, Issue Tracking, Patch, Third Party Advisory (x_refsource_misc)
https://github.com/Creatiwity/wityCMS/issues/150
Scores
CVSS v3: 4.8
EPSS: 0.0025
EPSS Percentile: 48.3%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Details
CWE: CWE-79
Status: published
Products (1): creatiwity/witycms 0.6.1
Published: May 28, 2018
Tracked Since: Feb 18, 2026