PT-2018-6608 · Unknown · Z-Url Preview

Published

2018-01-01

Updated

2018-01-11

CVE-2017-18012

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Z-URL Preview plugin version 1.6.1

Description: The issue concerns a security problem where an attacker can execute malicious scripts. This is achieved through the url parameter in the class.zlinkpreview.php file.

Recommendations: For Z-URL Preview plugin version 1.6.1, consider updating to a newer version that addresses this issue, if available. As a temporary workaround, restrict access to the class.zlinkpreview.php file to minimize the risk of exploitation. Avoid using the url parameter in the affected file until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2017-18012

Affected Products

Z-Url Preview

PT-2018-6608 · Unknown · Z-Url Preview

CVE-2017-18012

Weakness Enumeration

Related Identifiers

Affected Products

References · 7