CVE-2014-1944

EPSS 3.3%

Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.

Affected products

n/a · n/a

public PoCs found — 2

cve_referencewww.exploit-db.com/exploits/32076unverified exploitdbwww.exploit-db.com/exploits/32076unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/91538 https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7 https://www.htbridge.com/advisory/HTB23203 http://www.exploit-db.com/exploits/32076 http://www.securityfocus.com/archive/1/531350/100/0/threaded