Home

Description

Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.

PUBLISHED Reserved 2019-10-13 | Published 2019-10-13 | Updated 2024-08-05 | Assigner mitre




CRITICAL: 9.3CVSS:3.0/AC:L/AV:N/A:N/C:H/I:H/PR:N/S:C/UI:R

References

rastating.github.io/gila-cms-reflected-xss/

github.com/GilaCMS/gila/pull/48

rastating.github.io/gila-cms-reflected-xss/

github.com/GilaCMS/gila/pull/48

cve.org (CVE-2019-17535)

nvd.nist.gov (CVE-2019-17535)

Download JSON