HighPortal 12.5 Cross Site Scripting

🗓️ 16 Oct 2018 00:00:00Reported by Ali AbdollahiType

packetstorm🔗 packetstormsecurity.com👁 47 Views

Vulnerability in HighPortal 12.

Reporter	Title	Published	Views	Family All 17
0day.today	HighPortal 12.5 Cross Site Scripting Vulnerability	16 Oct 201800:00	–	zdt
Circl	CVE-2018-17694	16 Oct 201820:10	–	circl
CNVD	Aryanic HighPortal Cross-Site Scripting Vulnerability	19 Oct 201800:00	–	cnvd
CNVD	Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-25201)	17 Oct 201800:00	–	cnvd
CVE	CVE-2018-17694	24 Jan 201904:00	–	cve
CVE	CVE-2018-17964	17 Oct 201814:00	–	cve
Cvelist	CVE-2018-17694	24 Jan 201904:00	–	cvelist
Cvelist	CVE-2018-17964	17 Oct 201814:00	–	cvelist
EUVD	EUVD-2018-9441	7 Oct 202500:30	–	euvd
EUVD	EUVD-2018-9704	7 Oct 202500:30	–	euvd

`Vulnerable Product: HighPortal  
Affected version: 12.5  
Vulnerability Type: XSS  
CVE: CVE-2018-17964  
  
  
CWE: CWE-79  
Credit: Ali Abdollahi  
Remote: Yes  
Description:XSS vulnerability on Aryanic HighPortal version 12.5 via an Add Tags action.Contact: https://twitter.com/aliabdollahi2  
  
References: - https://example.com/directory.php?id=51622199%3Cscript%3Ealert(1)%3C/script%3E&page=something.php- http://i63.tinypic.com/30mofax.png  
  
`

16 Oct 2018 00:00Current

0.2Low risk

Vulners AI Score0.2

EPSS0.00424