Widestand CMS, versions 5.3.5 and prior.
INCIBE has coordinated the publication of a vulnerability affecting WideStand CMS, a professional CMS solution developed by Acilia y based on Symfony framework, which has been discovered by Ángel Heredia Pérez, of Telefónica Tech.
The following code has been assigned to this vulnerability:
- CVSS v3.1 base score: 5.4.
- CVSS vector string: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N.
- Vulnerability type: CWE-79: CWE-79: improper neutralization of input during web page generation (Cross-site Scripting).
There is no reported solution at this time.