Lucene search

CVE-2018-19525

🗓️ 21 Mar 2019 16:31:00Reported by mitreType

cve🔗 web.nvd.nist.gov👁 39 Views🌐 WEB

An XSS and CSRF vulnerability in Systrome ISG device

Reporter	Title	Published	Views	Family All 5
Cvelist	CVE-2018-19525	17 Mar 201918:43	–	cvelist
Packet Storm	SYSTORME ISG Cross Site Request Forgery	13 Feb 201900:00	–	packetstorm
0day.today	SYSTORME ISG Cross Site Request Forgery Vulnerability	13 Feb 201900:00	–	zdt
Prion	Cross site request forgery (csrf)	21 Mar 201916:00	–	prion
NVD	CVE-2018-19525	21 Mar 201916:00	–	nvd

Nvd

Node

systrome cumilon_isg-600c_firmwareMatch1.1-r2.1

AND

systrome cumilon_isg-600cMatch-

Node

systrome cumilon_isg-600h_firmwareMatch1.1-r2.1

AND

systrome cumilon_isg-600hMatch-

Node

systrome cumilon_isg-800w_firmwareMatch1.1-r2.1

AND

systrome cumilon_isg-800wMatch-

Source	Link
packetstormsecurity	www.packetstormsecurity.com/files/151647/SYSTORME-ISG-Cross-Site-Request-Forgery.html
breakthesec	www.breakthesec.com/2019/02/cve-2018-19525-account-takeover-via.html
s3curityb3ast	www.s3curityb3ast.github.io/KSA-Dev-002.md
seclists	www.seclists.org/fulldisclosure/2019/Feb/31

Parameter	Position	Path	Description	CWE
name	request body	/ui/?g=obj_keywords_add	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
description	request body	/ui/?g=obj_keywords_add	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
NewLine;confirm(1338);</script </svg>	request body	/ui/?g=obj_keywords_add	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
keyword	request body	/ui/?g=obj_keywords_add	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
submit_post	request body	/ui/?g=obj_keywords_add	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
name	request body	/ui/?g=obj_keywords_addsave	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
description	request body	/ui/?g=obj_keywords_addsave	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
NewLine;confirm(1338);</script </svg>	request body	/ui/?g=obj_keywords_addsave	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
keyword	request body	/ui/?g=obj_keywords_addsave	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352
submit_post	request body	/ui/?g=obj_keywords_addsave	CSRF vulnerability leading to XSS and account takeover.	CWE-79, CWE-352

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Mar 2019 16:00Current

6Medium risk

Vulners AI Score6

CVSS24.3

CVSS36.1

EPSS0.00584