PT-2018-14916 · Kimsq · Kimsq Rb
Laolisafe
·
Published
2018-11-17
·
Updated
2018-12-17
·
CVE-2018-19324
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
kimsQ Rb version 2.3.0
Description
The issue allows for XSS via the second input field to the "/?r=home&mod=mypage&page=info" API endpoint.
Recommendations
For version 2.3.0, consider restricting access to the "/?r=home&mod=mypage&page=info" API endpoint until a patch is available. As a temporary workaround, avoid using the second input field in this endpoint to minimize the risk of exploitation.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kimsq Rb