PatchSiren

Ionizecms CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM Ionizecms CVE published 2017-02-12

CVE-2017-5961

CVE-2017-5961 describes a browser-based cross-site scripting issue in Ionize through 1.0.8. The vulnerable code path accepts user-supplied data in the "path" HTTP GET parameter for the CodeMirror dialog endpoint and does not filter it sufficiently, allowing an attacker to run arbitrary HTML and script in the context of the vulnerable site. The CVSS v3.0 vector reflects network reachability, low attack com [truncated]