PT-2018-13997 · Spring · Springboot Authority

Echox1

Publicado

2018-09-23

Atualizado

2018-11-15

CVE-2018-17369

CVSS v3.1

4.8

Média

Vetor

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions springboot authority versions prior to 2017-03-06

Description An issue was discovered that allows stored XSS via the admin/role/edit endpoint, specifically through the roleKey, name, or description parameters.

Recommendations For versions prior to 2017-03-06, consider restricting access to the admin/role/edit endpoint until a fix is available, and avoid using the roleKey, name, or description parameters in this endpoint to minimize the risk of exploitation.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-17369

Produtos afetados

Springboot Authority

PT-2018-13997 · Spring · Springboot Authority

CVE-2018-17369

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3