PT-2018-10092 · Synametrics · Synaman

Bzyo

Published

2018-09-14

Updated

2018-11-09

CVE-2018-10763

CVSS v3.1

4.8

Medium

Vector

AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Synametrics SynaMan version 4.0 build 1488

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities can be exploited via the Main heading or Sub heading fields in the Partial Branding configuration page.

Recommendations For Synametrics SynaMan version 4.0 build 1488, consider restricting access to the Partial Branding configuration page until a fix is available. As a temporary workaround, avoid using the Main heading and Sub heading fields in the Partial Branding configuration page to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-10763

Affected Products

Synaman

PT-2018-10092 · Synametrics · Synaman

CVE-2018-10763

Weakness Enumeration

Related Identifiers

Affected Products

References · 4