CVE-2020-24138
Description
Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary web script and HTML.
Vulnerability Type
Cross Site Scripting (XSS)
Vendor of Product
vedees
Affected Product Code Base
wcms - 0.3.2
Attack Type
Remote
CVE Impact Other
user's Session Hijacking, disclosure of sensitive data, CSRF attacks
Reference
Has vendor confirmed or acknowledged the vulnerability?
true
Discoverer
Suzhou Aurora Infinity Information Technology Co., Ltd.