{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/digital-publications-by-supsystic-1.6.9/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":7.5,"id":"CVE-2020-37245"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Digital Publications by Supsystic 1.6.9"],"_cs_severities":["high"],"_cs_tags":["path-traversal","xss","wordpress","plugin"],"_cs_type":"advisory","_cs_vendors":["Supsystic"],"content_html":"\u003cp\u003eSupsystic Digital Publications version 1.6.9 is a WordPress plugin that suffers from both a path traversal and a stored cross-site scripting (XSS) vulnerability. The path traversal, identified as CVE-2020-37245, is located in the \u0026lsquo;Folder\u0026rsquo; input field and allows unauthenticated attackers to access arbitrary files outside of the web root by injecting directory traversal sequences (e.g., ../). The plugin also fails to properly sanitize input fields within publication settings, specifically \u0026lsquo;Area Width\u0026rsquo; and \u0026lsquo;Publication Width\u0026rsquo;, leading to stored XSS. Successful exploitation allows an attacker to execute arbitrary JavaScript code in the context of other users who view or edit the publications, potentially leading to session hijacking, defacement, or further malicious actions.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker identifies a vulnerable Supsystic Digital Publications 1.6.9 installation.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious HTTP request to exploit the path traversal vulnerability by injecting directory traversal sequences in the \u003ccode\u003eFolder\u003c/code\u003e input field.\u003c/li\u003e\n\u003cli\u003eThe server processes the request without proper validation, allowing the attacker to read arbitrary files outside the web root.\u003c/li\u003e\n\u003cli\u003eAlternatively, the attacker injects malicious JavaScript code into the \u0026lsquo;Area Width\u0026rsquo; or \u0026lsquo;Publication Width\u0026rsquo; parameters within the publication settings.\u003c/li\u003e\n\u003cli\u003eThe server stores the unsanitized JavaScript code in the WordPress database.\u003c/li\u003e\n\u003cli\u003eA legitimate user views or edits the publication containing the injected XSS payload.\u003c/li\u003e\n\u003cli\u003eThe user\u0026rsquo;s browser executes the malicious JavaScript code, potentially stealing cookies or redirecting to a malicious site.\u003c/li\u003e\n\u003cli\u003eThe attacker leverages the stolen session cookie or the ability to inject content to further compromise the WordPress site.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of the path traversal vulnerability (CVE-2020-37245) allows an attacker to read sensitive files on the server, potentially exposing credentials, configuration files, or other confidential information. The stored XSS vulnerability allows attackers to inject malicious scripts that execute in the context of other users, potentially leading to account takeover, data theft, or defacement of the website. This can impact any WordPress website running the vulnerable version of the plugin until it\u0026rsquo;s patched or removed. The CVSS v3.1 base score for CVE-2020-37245 is 7.5, indicating a high severity vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to a patched version of Supsystic Digital Publications that addresses the path traversal and XSS vulnerabilities.\u003c/li\u003e\n\u003cli\u003eApply input validation and sanitization to all user-supplied input, especially in publication settings, to prevent XSS attacks.\u003c/li\u003e\n\u003cli\u003eImplement proper access controls and file permission restrictions to limit the impact of path traversal vulnerabilities.\u003c/li\u003e\n\u003cli\u003eMonitor web server logs for suspicious activity, such as requests containing directory traversal sequences, to detect potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Supsystic Path Traversal\u003c/code\u003e to identify exploitation attempts in web server logs.\u003c/li\u003e\n\u003cli\u003eDeploy the Sigma rule \u003ccode\u003eDetect Supsystic XSS Attempt\u003c/code\u003e to detect potential attempts to inject malicious JavaScript into publication parameters.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-16T16:19:28Z","date_published":"2026-05-16T16:19:28Z","id":"https://feed.craftedsignal.io/briefs/2026-05-supsystic-path-traversal-xss/","summary":"Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field, allowing attackers to access sensitive files, and a stored XSS vulnerability due to improper input sanitization, leading to arbitrary script execution in the context of affected users (CVE-2020-37245).","title":"Supsystic Digital Publications Path Traversal and Stored XSS Vulnerability (CVE-2020-37245)","url":"https://feed.craftedsignal.io/briefs/2026-05-supsystic-path-traversal-xss/"}],"language":"en","title":"CraftedSignal Threat Feed — Digital Publications by Supsystic 1.6.9","version":"https://jsonfeed.org/version/1.1"}