What the vulnerability does
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fumiki Takahashi Gianism gianism allows Stored XSS. This issue affects Gianism: from n/a through <= 6.0.0.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L
Explanation of Vulnerability in Simple Terms
Gianism versions up to 6.0.0 contain a cross-site scripting (XSS) vulnerability that allows an authenticated administrator to inject malicious scripts. The vulnerability requires user interaction—typically clicking a crafted link—and can affect other users' sessions and data. The impact is limited to low-severity confidentiality, integrity, and availability breaches.
What an attacker can do
Inject malicious scripts that execute in other users' browsers when they visit affected pages.
Potential impact on your site
A malicious admin can steal session tokens, modify site content, or deface pages viewed by other administrators.
Conditions required to exploit
Attacker must have high-level admin privileges and the victim must click a malicious link or visit a crafted page.
Key dates
External resources