Unrated severityOSV Advisory· Published Mar 13, 2018· Updated Aug 5, 2024

CVE-2018-1000084

Description

WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. This attack appear to be exploitable via Need to enter the Javascript code into Layout Name .

Affected products

Wolfcms/WolfCMSOSV2 versions
0.7.0, 0.7.1, 0.7.2, …+ 1 more
- (no CPE)range: 0.7.0, 0.7.1, 0.7.2, …
- (no CPE)range: <=0.8.3.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/wolfcms/wolfcms/issues/667mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000