Closed preethikoroth closed 6 years ago
I understand that there may be issues with v2.3.x, but we're no longer supporting version 2.3.x; we're only working on 2.4.x currently.
I tested on the latest version 2.4.3. It is also vulnerable. Opened a new issue 116 for the same.
This issue has been assigned CVE-2018-7274. Thanks for the quick fix!
Reference: http://seclists.org/bugtraq/2018/Feb/53
Description: Quarx CMS is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input.
Affected pages and parameters:
Blog -> 'Title'
FAQ -> 'Question'
Pages -> 'Title'
Widgets -> 'Name'
Menus -> 'Name'
Impact: Attacker can execute arbitrary code in the browser of a random user.
Affected version: 2.3.23
CVSS:3.0/AV:N/AC:M/PR:N/UI:R/S:U/C:P/I:P/A:P
Credit: Preethi Koroth
Thanks.