PT-2018-9334 · Floodlight · Floodlight

Published

2018-04-18

Updated

2018-05-21

CVE-2018-1000163

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Floodlight versions 1.2 and earlier

Description The issue is related to a Cross Site Scripting (XSS) vulnerability in the web console, which can lead to javascript injections into the web page. This can be exploited when the victim browses the web console.

Recommendations For versions 1.2 and earlier, update to a version that contains a fix for this issue to prevent javascript injections. As a temporary workaround, consider restricting access to the web console to minimize the risk of exploitation.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-1000163

Affected Products

Floodlight

PT-2018-9334 · Floodlight · Floodlight

CVE-2018-1000163

Weakness Enumeration

Related Identifiers

Affected Products

References · 3