PT-2018-9590 · Webid · Webid

Nils Stünkel · Published 2018-12-20 · Updated 2019-01-07 · CVE-2018-1000868

CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: WeBid versions up to 1.2.2
Description: A Cross Site Scripting (XSS) vulnerability in files such as user_login.php and register.php allows JavaScript execution in the user's browser and injection of malicious markup into the page. It can be exploited when a victim user clicks a malicious link.
Recommendations: For WeBid versions up to 1.2.2, update to a version that includes the fix committed after 256a5f9d3eafbc477dcf77c7682446cc4b449c7f to resolve the issue. As a temporary workaround, consider avoiding clicks on suspicious links to minimize the risk of exploitation.

Exploit

Fix

XSS


Weakness Enumeration

Related Identifiers

CVE-2018-1000868

Affected Products

Webid