PT-2018-17692 · Infoblox · Infoblox Netmri

Published

2018-08-28

Updated

2018-11-05

CVE-2018-6643

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Infoblox NetMRI version 7.1.1

Description The issue is related to Reflected Cross-Site Scripting. It can be exploited via the "/api/docs/index.php" API endpoint, specifically through a query parameter.

Recommendations For Infoblox NetMRI version 7.1.1, consider restricting access to the "/api/docs/index.php" API endpoint until a patch is available. As a temporary workaround, avoid using the vulnerable query parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-6643

Affected Products

Infoblox Netmri

PT-2018-17692 · Infoblox · Infoblox Netmri

CVE-2018-6643

Weakness Enumeration

Related Identifiers

Affected Products

References · 3