CVE-2017-10967 Information

Description

In FineCMS before 2017-07-06 application\core\controller\config.php allows XSS in the (1) key_name (2) key_value and (3) meaning parameters.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://github.com/andrzuk/FineCMS/pull/9

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1