CVE-2018-13865

An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.
References
Link Resource
https://github.com/idreamsoft/iCMS/issues/27 Exploit Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:idreamsoft:icms:7.0.9:*:*:*:*:*:*:*

Information

Published : 2018-07-10 08:29

Updated : 2018-09-06 06:54


NVD link : CVE-2018-13865

Mitre link : CVE-2018-13865

Products Affected
No products.
CWE