References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

Known Affected Software Configurations Switch to CPE 2.2

Change History

OR
          *cpe:2.3:a:exe-system:notescms:2024-05-08:*:*:*:*:*:*:*

MITRE: https://gist.github.com/yA0-Z/eb6cd89398abff716c70866fa873dbde Types: Third Party Advisory

MITRE: https://github.com/PrivateAccount/NotesCMS/issues/3 Types: Issue Tracking, Patch

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-79

A vulnerability has been found in NotesCMS and classified as medium. Affected by this vulnerability is the page /index.php?route=sites. The manipulation of the title of the service descriptions leads to a stored XSS vulnerability. The issue was confirmed to be present in the source code as of commit 7d821a0f028b0778b245b99ab3d3bff1ac10e2d3 (dated 2024-05-08), and was fixed in commit 95322c5121dbd7070f3bd54f2848079654a0a8ea (dated 2025-03-31). The attack can be launched remotely. CWE Definition of the Vulnerability: CWE-79.

https://gist.github.com/yA0-Z/eb6cd89398abff716c70866fa873dbde

https://github.com/PrivateAccount/NotesCMS/issues/3