Vulnerability CVE-2018-18551


Published: 2018-10-24

Description:
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter.

See advisories in our WLB2 database:
Topic: ServersCheck Monitoring Software through 14.3.3 Cross Site Scripting (Med.)
Author: hyp3rlinx
Date: 29.10.2018

Type: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

Vendor: Serverscheck
Product: Monitoring software
Version: 14.3.3

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

References:
http://hyp3rlinx.altervista.org/advisories/CVE-2018-18551-SERVERSCHECK-MONITORING-SOFTWARE-CROSS-SITE-SCRIPTING.txt
http://packetstormsecurity.com/files/149914/ServersCheck-Monitoring-Software-14.3.3-Cross-Site-Scripting.html

Related CVE
CVE-2018-18552
ServersCheck Monitoring Software through 14.3.3 allows local users to cause a denial of service (menu functionality loss) by creating an LNK file that points to a second LNK file, if this second LNK file is associated with a Start menu. Ultimately, t...
CVE-2018-18550
ServersCheck Monitoring Software before 14.3.4 allows SQL Injection by an authenticated user.
CVE-2005-1798
Directory traversal vulnerability in ServersCheck Monitoring Software 5.9.0 to 5.10.0 allows remote attackers to read arbitrary files via .. (dot dot) sequences in an HTTP request.

Copyright 2019, cxsecurity.com

 
