CVE-2017-15872

NONE EPSS 39.8%
Published Oct 24, 20178y ago ยท Modified Jun 17, 20262w ago
Find Similar
Published Oct 24, 2017 8y ago
Last Modified Jun 17, 2026 2w ago

Description

phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and include/inc_tmpl/admin.newuser.tmpl.php via the username (aka new_login) field.

Threat Intelligence

EPSS Exploit Probability
39.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-79 Cross-site Scripting Injection

Affected Products 1

VendorProductVersionRange
phpwcmsphpwcms1.8.9any

References 2

  • github.com https://github.com/slackero/phpwcms/commit/62c7c4a7a7de5effa0a82c89e77e53795a82e11d
    Issue TrackingPatchThird Party Advisory
  • github.com https://github.com/slackero/phpwcms/commit/90ee94a474b37919161f8112f9e36c53ad70492f
    Issue TrackingPatchThird Party Advisory

Remediation

  • github.com https://github.com/slackero/phpwcms/commit/62c7c4a7a7de5effa0a82c89e77e53795a82e11d
    Issue TrackingPatchThird Party Advisory
  • github.com https://github.com/slackero/phpwcms/commit/90ee94a474b37919161f8112f9e36c53ad70492f
    Issue TrackingPatchThird Party Advisory