PT-2019-14683 · Unknown · Broken Link Checker

Published 2019-10-16 · Updated 2019-10-18 · CVE-2019-16521

CVSS v3.1

6.1 Medium

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions

Broken Link Checker versions through 1.11.8

Description

An HTTP GET parameter is inserted into HTML without proper encoding, leading to reflected XSS. The filter function on the page listing all detected broken links can be exploited by providing an XSS payload in the s filter GET parameter in a filter id=search request.

Recommendations

For versions through 1.11.8, consider disabling the filter function on the broken links page until a resolution is available, as this product has reached its end-of-life and no further updates are expected.
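
Because no fixed version is expected, access logs are one place to watch for use of this parameter. The following is an added example, not code from the plugin or from this advisory: it flags filter search requests whose s value contains characters that need HTML encoding, and shows the encoded form the value should have had when reflected. The parameter spelling filter_id, the placeholder request path and the sample log lines are assumptions constructed for the example.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: the advisory's "filter id=search" is the query parameter filter_id.
FILTER_PARAM = "filter_id"
SEARCH_PARAM = "s"  # the reflected parameter named in the advisory
HTML_META = set("<>\"'")  # characters that need encoding before insertion into HTML
# Request field of a combined-format access log line: "GET <target> HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_search(target):
    """Return the decoded `s` value when a filter search request carries
    HTML metacharacters in it, otherwise None."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if "search" not in query.get(FILTER_PARAM, []):
        return None
    for value in query.get(SEARCH_PARAM, []):  # parse_qs has percent-decoded it
        if HTML_META & set(value):
            return value
    return None


def scan(lines):
    """Return (line number, decoded value, HTML-encoded form) per flagged line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        value = suspicious_search(match.group(1)) if match else None
        if value is not None:
            # html.escape shows the encoding the reflected value should have had.
            hits.append((number, value, html.escape(value, quote=True)))
    return hits


# Constructed sample log lines; the request path is a placeholder.
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Oct/2019:10:00:01 +0000] "GET /PLACEHOLDER?filter_id=search&s=example.com HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Oct/2019:10:00:09 +0000] "GET /PLACEHOLDER?filter_id=search&s=%22%3E%3Cx%3E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [16/Oct/2019:10:00:15 +0000] "GET /PLACEHOLDER?filter_id=broken&s=%3Cx%3E HTTP/1.1" 200 4990',
    '198.51.100.7 - - [16/Oct/2019:10:00:20 +0000] "POST /PLACEHOLDER HTTP/1.1" 200 312',
]

if __name__ == "__main__":
    for number, value, encoded in scan(SAMPLE_LOG):
        print(f"line {number}: s={value!r} -> encoded form {encoded!r}")
```

A hit means the request carried markup characters in s, not that script ran; review flagged lines together with the referrer and the account that was logged in at the time.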

Related Identifiers

CVE-2019-16521

Affected Products

Broken Link Checker