PT-2018-10791 · Ximdex · Ximdex
Hearyo
·
Publicado
2018-06-05
·
Atualizado
2018-07-23
·
CVE-2018-11735
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Ximdex version 4.0
Description
The issue concerns an XSS vulnerability. It can be triggered via the "index.php?action=createaccount" endpoint, specifically through the
sname or fname parameters.Recommendations
For Ximdex version 4.0, consider restricting access to the "index.php?action=createaccount" endpoint until a patch is available, and avoid using the
sname or fname parameters in this endpoint to minimize the risk of exploitation.Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Ximdex