PT-2018-9703 · Iscripts · Iscripts Uberforx

Manhnho

Published

2018-04-16

Updated

2018-05-21

CVE-2018-10136

CVSS v3.1

6.1

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: iScripts UberforX version 2.2

Description: The issue concerns a Stored XSS in the manage settings section of the Admin Panel. This occurs via a value field to the "/cms?section=manage settings&action=edit" API endpoint.

Recommendations: For iScripts UberforX version 2.2, as a temporary workaround, consider restricting access to the manage settings section of the Admin Panel until a patch is available. Avoid using the value field in the affected API endpoint until the issue is resolved.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

CVE-2018-10136

Affected Products

Iscripts Uberforx

PT-2018-9703 · Iscripts · Iscripts Uberforx

CVE-2018-10136

Weakness Enumeration

Related Identifiers

Affected Products

References · 3