PT-2017-15037 · Serverscheck · Serverscheck Monitoring
Publicado
2017-12-22
·
Atualizado
2018-01-17
·
CVE-2017-17832
CVSS v3.1
5.4
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
ServersCheck Monitoring Software versions prior to 14.2.3
Description
The issue arises from the lack of validation and sanitization of user-supplied data passed in the
settings SMS ALERT TYPE parameter. This allows JavaScript to be executed on the "Settings - SMS Alerts" page, specifically on settings-save.html.Recommendations
For versions prior to 14.2.3, update to version 14.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings-save.html page or avoiding the use of the
settings SMS ALERT TYPE parameter until the update is applied.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Serverscheck Monitoring