Note:
This project will be discontinued after December 13, 2021. [more]
2019-07-19
OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request.
| Products | Otcms |
| Type | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79) |
| First patch | - None (likely due to unavailable code) |
| Links | https://cisk123456.blogspot.com/2019/05/otcms-xss.html |