Stored XSS Vulnerability in ClipperCMS 1.3.3 Site Name Field

Stored XSS Vulnerability in ClipperCMS 1.3.3 Site Name Field

CVE-2018-11332 · LOW Severity

AV:N/AC:M/AU:S/C:N/I:P/A:N

Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTML via a crafted site name to the manager/processors/save_settings.processor.php file.

Learn more about our Web App Pen Testing.