Unrated severityNVD Advisory· Published Sep 17, 2020· Updated Aug 4, 2024

Reflected XSS leading to RCE in SoyCMS

CVE-2020-15183

Description

SoyCMS 3.0.2 and earlier is affected by Reflected Cross-Site Scripting (XSS) which leads to Remote Code Execution (RCE) from a known vulnerability. This allows remote attackers to force the administrator to edit files once the adminsitrator loads a specially crafted webpage.

Affected products

Inunosinsi/Soycmsv5
Range: <= 3.0.2

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/inunosinsi/soycms/commit/045a222016f99b56557b0d8f39bbfc653d2c4707mitrex_refsource_MISC
github.com/inunosinsi/soycms/security/advisories/GHSA-33q6-4xmp-2f48mitrex_refsource_CONFIRM
youtu.be/uAMAwH35upsmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000