Improper access control in Custom Landing Page Builder - #VU6786
Published: May 29, 2017 / Updated: May 29, 2017
Vulnerability identifier: #VU6786
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: zyxware
Affected software:
Custom Landing Page Builder
Custom Landing Page Builder
Detailed vulnerability description
The vulnerability allows a remote attacker to gain access to layout of the page.
The weakness exists due to improper access control. A remote attacker can use a WYSIWYG editor to build custom landing pages and edit the header, navigation, page content, footer, forms on the webpage.
Successful exploitation of the vulnerability may result in full control over the full layout of the page.
Remediation
Cybersecurity Help is currently unaware of any official patch addressing the vulnerability.