PT-2018-12770 · Php · Php Template Store Script

Sarafraz Khan

Publicado

2018-08-06

Atualizado

2024-02-14

CVE-2018-14869

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PHP Template Store Script version 3.0.6

Description The issue allows for cross-site scripting (XSS) attacks through specific fields in a user's profile, including the Address line 1, Address Line 2, Bank name, or A/C Holder name field.

Recommendations For PHP Template Store Script version 3.0.6, consider validating and sanitizing user input for the Address line 1, Address Line 2, Bank name, and A/C Holder name fields to prevent XSS attacks. As a temporary workaround, restrict the use of these fields until a proper fix is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-14869

Produtos afetados

Php Template Store Script

PT-2018-12770 · Php · Php Template Store Script

CVE-2018-14869

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4