Home / os / winmobile

SiteVision 4.x / 5.x Insufficient Module Access Control

Posted on 07 December 2019

SiteVision suffers from an issue where attacker may inject non-authorized module when editing pages using a lower privileged account, which can lead to cross site scripting and remote code execution. All versions of SiteVision 4 until 4.5.6 and all versions of SiteVision 5 until 5.1.1 are vulnerable.

 

TOP

Malware :

Exploits :