A security flaw has been discovered in Willow CMS up to 1.4.0. This issue affects some unknown processing of the file /admin/articles/add of the component Add Post Page. The manipulation of the argument title/body results in cross site scripting. The attack may be launched remotely. The exploit has been released to the public and may be exploited.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 2.4 | LOW | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N | 0.9 | 1.4 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,CWE-94,CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| matthewdeaves | willow_cms | * |
A weakness has been identified in Willow CMS up to 1.4.0. Impacted is an unknown function of the file /admin/images/add. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| cna@vuldb.com | 4.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L | 1.2 | 3.4 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-284,CWE-434,CWE-434,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| matthewdeaves | willow_cms | * |