Required CVE Record Information
Description
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Logo Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 4 Total
| Score | Severity | Version | Vector String |
|---|---|---|---|
| 5.3 | MEDIUM | 4.0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |
| 3.5 | LOW | 3.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
| 3.5 | LOW | 3.0 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N |
| 4.0 | — | 2.0 | AV:N/AC:L/Au:S/C:N/I:P/A:N |
Credits
- acmglz (VulDB User) reporter
References 4 Total
- vuldb.com: VDB-275725 | ClassCMS Logo admin cross site scripting vdb-entry
- vuldb.com: VDB-275725 | CTI Indicators (IOB, IOC, TTP, IOA) signaturepermissions-required
- vuldb.com: Submit #397217 | classcms 4.8 xss third-party-advisory
- https://github.com/acmglz/bug2_report/blob/main/classcms_xss.md exploit