Vulnerability CVE-2018-20837


Published: 2019-05-09   Modified: 2019-05-10

Description:
include/admin/Menu/Ajax.php in Typesetter 5.1 has index.php/Admin/Menu/Ajax?cmd=AddHidden title XSS.

Type:
CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:S/C:N/I:P/A:N)

CVSS Base Score: 3.5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 6.8/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Single time
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

Affected software:
Typesettercms -> Typesetter

 References:
https://github.com/Typesetter/Typesetter/commit/fd637e2919e7f77c498a91a8e9d353f8e12afc9a
https://www.netsparker.com/web-applications-advisories/ns-18-026-reflected-cross-site-scripting-in-typesetter/

Copyright 2024, cxsecurity.com

 
