PT-2018-9452 · Ocs Inventory · Ocs Inventory Ng

Simon Bieber

Published

2018-06-26

Updated

2018-08-20

CVE-2018-1000557

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions OCS Inventory NG version ocsreports 2.4

Description The issue concerns a Cross Site Scripting (XSS) vulnerability in the login form and search functionality. This allows an attacker to execute arbitrary JavaScript code within a victim's browser. The attack is exploitable if the victim opens a crafted link to the application.

Recommendations For OCS Inventory NG version ocsreports 2.4, update to version 2.4.1 to resolve the issue.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-1000557

Affected Products

Ocs Inventory Ng

PT-2018-9452 · Ocs Inventory · Ocs Inventory Ng

CVE-2018-1000557

Weakness Enumeration

Related Identifiers

Affected Products

References · 10