Platform
php
Component
flusity-cms
A cross-site scripting (XSS) vulnerability has been identified in flusity CMS. This flaw allows attackers to inject malicious scripts by manipulating the editpostid argument within the loadPostAddForm function of the core/tools/posts.php file. The vulnerability is exploitable remotely and poses a risk to users who haven't applied the available patch. Due to flusity CMS’s rolling release model, specific affected versions are not available.
Successful exploitation of CVE-2023-5810 allows an attacker to execute arbitrary JavaScript code within the context of a user's browser session on the flusity CMS website. This can lead to various malicious actions, including session hijacking, credential theft, and defacement of the website. An attacker could potentially steal sensitive user data, redirect users to phishing sites, or inject malware. The impact is amplified if the CMS is used to manage sensitive information or handle user authentication.
This vulnerability was publicly disclosed on 2023-10-27. A proof-of-concept may be available or developed due to the public disclosure. The vulnerability is currently not listed on CISA KEV, and there are no confirmed reports of active exploitation at this time. Monitor security advisories and threat intelligence feeds for any updates.
Organizations and individuals using flusity CMS are at risk, particularly those who haven't implemented a robust update process. Shared hosting environments where multiple users share the same CMS installation are also at increased risk, as a compromise of one user's account could potentially affect others.
• php / web:
grep -r "loadPostAddForm" /var/www/flusity-cms/
• php / web:
curl -I 'https://your-flusity-cms-site.com/core/tools/posts.php?edit_post_id=<script>alert(1)</script>'
Exploit status
EPSS
0.06% (20th percentile)
CVSS vector
The primary mitigation for CVE-2023-5810 is to apply the provided patch: 6943991c62ed87c7a57989a0cb7077316127def8. Given the rolling release nature of flusity CMS, applying this patch ensures you have the latest security updates. Since specific versions are not identified, it's crucial to regularly check for and apply updates. While a direct rollback isn't possible, ensuring you're on the latest build is the best defense. Consider implementing a Web Application Firewall (WAF) with rules to filter potentially malicious input in the editpostid parameter as an interim measure.
Apply the patch with identifier 6943991c62ed87c7a57989a0cb7077316127def8 provided by the vendor. Because the project uses rolling releases, updating to the latest available version is recommended, or applying the patch manually if possible. Verify that the `edit_post_id` input is properly sanitized to prevent injection of malicious code.
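To make the "properly sanitized" recommendation concrete, the following is an added example and not flusity CMS code or the vendor's patch: a hypothetical form-rendering function that reflects an `edit_post_id` query parameter, shown once in the vulnerable shape described above (raw parameter interpolated into HTML) and once in a hardened shape that validates the value as a positive integer and HTML-encodes anything it renders. The function names, the HTML snippet and the sample inputs are all assumptions constructed for the demonstration.

```php
<?php
// Added example, not flusity CMS code. Function names, markup and the
// sample inputs below are constructed for illustration only.

// Vulnerable pattern: the raw query parameter is concatenated into HTML, so a
// value containing markup is rendered as markup (reflected XSS).
function loadPostAddFormVulnerable(array $get): string
{
    $editPostId = $get['edit_post_id'] ?? '';
    return '<input type="hidden" name="edit_post_id" value="' . $editPostId . '">';
}

// Hardened pattern: a post id is an integer, so reject anything that is not one
// before it reaches the template, and HTML-encode the value for the attribute
// context anyway (validation and output encoding are independent layers).
function loadPostAddFormHardened(array $get): string
{
    $editPostId = filter_var($get['edit_post_id'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($editPostId === false || $editPostId === null) {
        // Not a valid post id: fall back to "new post" mode and reflect nothing.
        return '<input type="hidden" name="edit_post_id" value="">';
    }
    $safe = htmlspecialchars((string) $editPostId, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<input type="hidden" name="edit_post_id" value="' . $safe . '">';
}

// Constructed inputs (not taken from the advisory): one benign id and one
// value that tries to close the attribute and inject a script element.
$benign  = ['edit_post_id' => '42'];
$hostile = ['edit_post_id' => '"><script>alert(1)</script>'];

echo loadPostAddFormVulnerable($hostile), PHP_EOL; // markup escapes the attribute
echo loadPostAddFormHardened($hostile), PHP_EOL;   // rejected: empty value, nothing reflected
echo loadPostAddFormHardened($benign), PHP_EOL;    // <input ... value="42">
```

The integer check is what makes this parameter easy to harden: a post id has no legitimate reason to contain markup, so rejecting non-integers removes the attack surface entirely, and `htmlspecialchars` with `ENT_QUOTES` remains as defense in depth for any code path that renders the value. A WAF rule on the parameter, as suggested above, is an interim filter in front of this, not a substitute for it.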
CVE-2023-5810 is a cross-site scripting (XSS) vulnerability in flusity CMS that allows attackers to inject malicious scripts by manipulating the editpostid parameter. It has a LOW severity rating (CVSS 2.4).
If you are using flusity CMS and have not applied the patch 6943991c62ed87c7a57989a0cb7077316127def8, you are potentially affected due to the rolling release model.
Apply the provided patch 6943991c62ed87c7a57989a0cb7077316127def8 to update your flusity CMS installation. Regularly check for updates as part of your security practices.
There are currently no confirmed reports of active exploitation, but the vulnerability has been publicly disclosed, so exploitation is possible.
Refer to the flusity CMS website or their official communication channels for the latest advisory regarding CVE-2023-5810.