HighPortal 12.5 Cross Site Scripting Vulnerability

🗓️ 16 Oct 2018 00:00:00Reported by Ali AbdollahiType

zdt🔗 0day.today👁 41 Views

HighPortal 12.5 Cross Site Scripting Vulnerability on Aryanic HighPortal version 12.5 via an Add Tags action

Reporter	Title	Published	Views	Family All 18
Circl	CVE-2018-17694	16 Oct 201820:10	–	circl
CNVD	Aryanic HighPortal Cross-Site Scripting Vulnerability	19 Oct 201800:00	–	cnvd
CNVD	Foxit Reader and Foxit PhantomPDF for Windows Memory Misreference Vulnerability (CNVD-2018-25201)	17 Oct 201800:00	–	cnvd
CVE	CVE-2018-17694	24 Jan 201904:00	–	cve
CVE	CVE-2018-17964	17 Oct 201814:00	–	cve
Cvelist	CVE-2018-17694	24 Jan 201904:00	–	cvelist
Cvelist	CVE-2018-17964	17 Oct 201814:00	–	cvelist
EUVD	EUVD-2018-9441	7 Oct 202500:30	–	euvd
EUVD	EUVD-2018-9704	7 Oct 202500:30	–	euvd
NVD	CVE-2018-17694	24 Jan 201904:29	–	nvd

Vulnerable Product: HighPortal
Affected version: 12.5
Vulnerability Type: XSS
CVE: CVE-2018-17964


CWE: CWE-79
Credit: Ali Abdollahi
Remote: Yes
Description:XSS vulnerability on Aryanic HighPortal  version 12.5 via an Add Tags action.Contact: https://twitter.com/aliabdollahi2

References: - https://example.com/directory.php?id=51622199%3Cscript%3Ealert(1)%3C/script%3E&page=something.php- http://i63.tinypic.com/30mofax.png

#  0day.today [2018-10-18]  #

16 Oct 2018 00:00Current

0.3Low risk

Vulners AI Score0.3

EPSS0.00424