Lucene search
Numan OZDEMIRPACKETSTORM:149898HistoryOct 22, 2018 - 12:00 a.m.
AjentiCP 1.2.23.13 Cross Site Scripting
2018-10-2200:00:00
Numan OZDEMIR
packetstormsecurity.com
29
0.001 Low
EPSS
Percentile
50.2%
`[+] Title: AjentiCP Dir Name Based Stored XSS <= v1.2.23.13
[+] Author: Numan OZDEMIR (https://infinitumit.com.tr)
[+] Vendor Homepage: ajenti.org
[+] Version: Up to v1.2.23.13
[+] CVE: CVE-2018-18548
[+] Discovered by Numan OZDEMIR in InfinitumIT Labs
[+] [email protected] - [email protected]
[~] Description:
Attacker can inject JavaScript codes without Ajenti privileges by this
vulnerabillity.
Normally an attacker cant intervene to Ajenti without Ajenti privileges.
But with this vulnerability, if attacker can create a folder (may be by
a web app vulnerability) he can run
bad-purposed JavaScript codes on Ajenti user's browser, while the user
using File Manager tool.
So this vulnerability makes high risk.
[~] How to Reproduce:
1)- Create a directory as named xss payload. Like, im<img src
onerror=alert(1337)>dir
2)- Open this directory in File Manager tool in Ajenti server admin
panel.
// for secure days...
`
Related
zdt
zdt
AjentiCP 1.2.23.13 - Cross-Site Scripting Vulnerability
2018-10-25 00:00:00
AjentiCP 1.2.23.13 Cross Site Scripting Vulnerability
2018-10-23 00:00:00
exploitpack
exploitpack
AjentiCP 1.2.23.13 - Cross-Site Scripting
2018-10-25 00:00:00
prion
prion
Design/Logic Flaw
2018-10-24 21:29:00
cve
cve
CVE-2018-18548
2018-10-24 21:29:00
osv
osv
PYSEC-2018-107
2018-10-24 21:29:00
Ajenti Cross-site Scripting Via Filename
2022-05-14 01:52:20
github
github
Ajenti Cross-site Scripting Via Filename
2022-05-14 01:52:20
exploitdb
exploitdb
AjentiCP 1.2.23.13 - Cross-Site Scripting
2018-10-25 00:00:00