PT-2018-14456 · Destoon · Destoon B2B
Published 2018-10-17 · Updated 2018-11-29 · CVE-2018-18430
CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
DESTOON B2B version 7.0
Description
An issue was discovered in the software, where the adminsetting.inc.php file has a cross-site scripting (XSS) vulnerability via the first text box to the admin.php URI.
Recommendations
For DESTOON B2B version 7.0, consider restricting access to the admin.php URI until a fix is available, and avoid using the first text box in adminsetting.inc.php to prevent potential exploitation.
Exploit
Fix
XSS
Affected Products
Destoon B2B