Medium severity6.1NVD Advisory· Published Mar 7, 2017· Updated May 13, 2026

CVE-2017-6511

Description

andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in index.php because of missing validation of the action parameter in application/classes/application.php.

Affected products

Finecms Project/Finecms
cpe:2.3:a:finecms_project:finecms:*:*:*:*:*:*:*:*
Range: <=2017-02-10

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/andrzuk/FineCMS/commit/2c80de96d403d4a2e81ac4c48f358bdffbe85ea0nvdPatchThird Party Advisory
github.com/andrzuk/FineCMS/issues/2nvdExploitThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.397
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000