CVE-2017-20185 LOW

CVE-2017-20185: Fuzzy SWMP GET Parameter swmp.php cross site scripting

Vendor Fuzzy
Product SWMP
Weakness CWE-79 · XSS
Published June 6, 2023
Last update August 5, 2024
View on NVD All CVEs

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in Fuzzy SWMP. It has been rated as problematic. This issue affects some unknown processing of the file swmp.php of the component GET Parameter Handler. The manipulation of the argument theme leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 792bcab637cb8c3bd251d8fc8771512c5329a93e. It is recommended to apply a patch to fix this issue. The identifier VDB-230669 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Key dates

02Disclosure timeline

June 6, 2023 CVE published
August 5, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-68904 WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability CVE-2019-1949 Cisco Firepower Management Center Persistent Cross-Site Scripting Vulnerability CVE-2021-24229 Patreon WordPress < 1.7.2 - Reflected XSS on patreon_save_attachment_patreon_level AJAX action CVE-2026-27240 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2024-1080 Beaver Builder – WordPress Page Builder <= 2.7.4.4 - Authenticated(Contributor+) Stored Cross-Site Scripting via heading tag