CVE-2020-23981
Description
13enforme CMS 1.0 has Cross Site Scripting via the "content.php" id parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
13enforme CMS 1.0 has a stored XSS vulnerability via the 'id' parameter in content.php.
Vulnerability
13enforme CMS version 1.0 is vulnerable to cross-site scripting (XSS) through the id parameter in the content.php script. The application fails to properly sanitize user input, allowing the injection of arbitrary script code [1].
Exploitation
An attacker can exploit this vulnerability by crafting a malicious URL containing JavaScript code in the id parameter. The attack requires the victim to click on the crafted link; no authentication is needed [1].
Impact
Successful exploitation results in arbitrary JavaScript execution in the context of the victim's browser session. This can lead to session hijacking, defacement, or redirection to malicious sites [1].
Mitigation
No official patch or fixed version has been released by the vendor as of the publication date. Users should limit exposure by disabling the vulnerable function or using a web application firewall (WAF) to filter malicious requests. The CMS may be end-of-life [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- 13enforme/CMSdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.