Abel-Lan phpcms
cpe:2.3:a:phpcms:phpcms:*:*:*:*:*:*:*
- 9.6.3
- 9.7.2
A cross-site scripting (XSS) vulnerability has been identified in phpcmsv9 version 9.6.3. This vulnerability allows remote attackers to inject scripts that could be executed in the context of the user's session, potentially leading to privilege escalation.
Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.
To reproduce this vulnerability, access the admin panel and navigate to 'My Panel' then 'Modify Personal Information'. Enter a real name that includes a script payload. Due to front-end character limits, use a tool like Burp Suite to bypass these restrictions by sending the crafted payload as a parameter. Once the payload is submitted, it will be stored in the database without proper sanitization. When the information is retrieved and displayed, the script will execute, demonstrating the cross-site scripting vulnerability.
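The flaw described above has two parts: the length limit exists only in the browser, and the stored value is neither validated on the server nor encoded when displayed. The PHP below is an added example of both server-side controls, not phpcms code; the function names, the 30-character limit and the sample inputs are assumptions, and it requires the mbstring extension.

```php
<?php
declare(strict_types=1);

// Hypothetical limit; the page does not state the real front-end limit.
const REALNAME_MAX_CHARS = 30;

/**
 * Server-side check, applied regardless of any maxlength on the form.
 * Returns the normalized name, or null if the value must be rejected.
 */
function validate_realname(string $raw): ?string
{
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return null;
    }
    $name = trim($raw);
    if ($name === '' || mb_strlen($name, 'UTF-8') > REALNAME_MAX_CHARS) {
        return null;
    }
    // Allow letters, combining marks, spaces and a few name punctuation marks.
    if (preg_match('/^[\p{L}\p{M} .\'\-]+\z/u', $name) !== 1) {
        return null;
    }
    return $name;
}

/** Output encoding applied at render time, even for values already validated. */
function render_realname(string $stored): string
{
    return htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed inputs: values a direct POST can carry once the browser limit is skipped.
$samples = [
    'Zhang Wei',
    str_repeat('A', 200),
    '<script>alert(1)</script>',
];

foreach ($samples as $raw) {
    $verdict = validate_realname($raw) === null ? 'rejected' : 'accepted';
    printf("%-9s %s\n", $verdict, render_realname(mb_substr($raw, 0, 40, 'UTF-8')));
}

// A row stored before the fix is still inert when encoded on output.
echo render_realname('<script>alert(1)</script>'), "\n";
```

Validation stops new bad values at write time; encoding at render time covers rows that were already stored and any field the validator does not cover.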