PT-2018-12222 · Ytakkar · Ytakkar Instagram-Clone

L0Rd · Published 2018-07-10 · Updated 2018-09-05 · CVE-2018-13849

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: yTakkar Instagram-clone through 2018-04-23

Description: The issue stems from inadequate XSS protection based on preg_replace, which allows XSS via an onmouseover payload in the edit_requests.php file.

Recommendations: For yTakkar Instagram-clone through 2018-04-23, consider implementing a more robust XSS protection mechanism to prevent such attacks. As a temporary workaround, restrict access to the edit_requests.php file to minimize the risk of exploitation.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2018-13849

Affected Products

Ytakkar Instagram-Clone