PT-2018-11094 · Ximdex · Ximdex
Whitehat001
Published: 2018-06-13 · Updated: 2018-08-02
CVE-2018-12273
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Ximdex version 4.0
Description
The /edit URI in the DMS component is vulnerable to XSS attacks. This can be exploited via the Ciudad or Nombre parameter.
Recommendations
For Ximdex version 4.0, consider restricting access to the /edit URI in the DMS component to minimize the risk of exploitation. Avoid using the Ciudad or Nombre parameter in the affected API endpoint until the issue is resolved.
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Ximdex