CVE-2017-16230

In admin/write-post.php in Typecho through 1.1, one can log in to the background page, write a new article, and add payload in the article content, resulting in XSS via index.php/action/contents-post-edit.
References
Link Resource
https://github.com/SQYY/CVE/blob/master/Typecho.txt Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:typecho:typecho:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-30 19:29

Updated : 2024-02-04 19:29


NVD link : CVE-2017-16230

Mitre link : CVE-2017-16230

CVE.ORG link : CVE-2017-16230


JSON object : View

Products Affected

typecho

  • typecho
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')