Primary

Context

Phpcms Privilege Escalation Vulnerability via Cross-Site Scripting in Member Center

Vulnerability

A stored cross-site scripting vulnerability has been identified in Phpcms version 9.6.3. This issue allows remote attackers to inject malicious scripts that are executed in the context of the user viewing the member center interface. The vulnerability arises from the menu management feature in the admin panel, where input is not properly sanitized before being saved and later displayed, potentially leading to privilege escalation.

Impact

Exploitation of this vulnerability allows for stored cross-site scripting, where injected scripts are executed in the context of the user.

Reproduction

To reproduce this vulnerability, log into the Phpcms admin panel and navigate to the member center menu management interface. Add a new menu item, ensuring to include a script payload in the name or language fields. Once the menu item is saved, the injected script will execute when any user accesses the member center.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.2

impact

1.7

exploitability

6.3

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Phpcms Privilege Escalation Vulnerability via Cross-Site Scripting in Member Center

Vulnerability

Impact

Reproduction

Affected Products

Abel-Lan phpcms

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating