PT-2019-18643 · Php Scripts Mall · Php Scripts Mall Investment Mlm

Publicado

2019-06-06

Atualizado

2020-04-21

CVE-2019-7552

CVSS v3.1

5.4

Média

Vetor

AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions PHP Scripts Mall Investment MLM Software version 2.0.2

Description An issue was discovered due to a lack of sanitization in the Edit Name section of the My Profile Section, leading to stored XSS.

Recommendations For PHP Scripts Mall Investment MLM Software version 2.0.2, consider sanitizing user input in the Edit Name section of the My Profile Section to prevent stored XSS attacks. As a temporary workaround, restrict access to the My Profile Section until a proper fix is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2019-7552

Produtos afetados

Php Scripts Mall Investment Mlm

PT-2019-18643 · Php Scripts Mall · Php Scripts Mall Investment Mlm

CVE-2019-7552

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4