PT-2019-10137 · Php Scripts Mall · Php Scripts Mall Entrepreneur Job Portal Script

Publicado

2019-03-20

Atualizado

2019-03-26

CVE-2018-20640

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: PHP Scripts Mall Entrepreneur Job Portal Script version 3.0.1

Description: The issue concerns stored Cross-Site Scripting (XSS) that can be triggered via the Full Name field. This allows an attacker to inject malicious scripts into the application, potentially leading to unauthorized actions on behalf of other users.

Recommendations: For PHP Scripts Mall Entrepreneur Job Portal Script version 3.0.1, consider validating and sanitizing user input in the Full Name field to prevent XSS attacks. As a temporary workaround, restrict the ability to input HTML or JavaScript code in this field until a proper fix is implemented.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2018-20640

Produtos afetados

Php Scripts Mall Entrepreneur Job Portal Script

PT-2019-10137 · Php Scripts Mall · Php Scripts Mall Entrepreneur Job Portal Script

CVE-2018-20640

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3