Summary
w-CMS is prone to multiple HTML-injection vulnerabilities and a local file-include vulnerability.
Exploiting these issues could allow an attacker to execute arbitrary HTML and script code in the context of the affected browser, steal cookie-based authentication credentials, and execute arbitrary local scripts in the context of the webserver process. Other attacks are also possible.
w-CMS 2.0.1 is vulnerable
other versions may also be affected.
References
Updated on 2017-03-28