PT-2019-18642 · Cantemo · Cantemo Portal

Published 2019-04-10 · Updated 2019-09-27 · CVE-2019-7551

CVSS v3.1: 9.0 Critical

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cantemo Portal versions prior to 3.2.13
Cantemo Portal versions 3.3.x prior to 3.3.8
Cantemo Portal versions 3.4.x prior to 3.4.9

Description

The issue allows for cross-site scripting (XSS), which can be leveraged to perform actions as users, including those with administrative privileges. This could enable actions such as account creation and deletion, as well as the deletion of information within the application.

Recommendations

For Cantemo Portal versions prior to 3.2.13, update to version 3.2.13 or later.
For Cantemo Portal versions 3.3.x prior to 3.3.8, update to version 3.3.8 or later.
For Cantemo Portal versions 3.4.x prior to 3.4.9, update to version 3.4.9 or later.

Exploit

Fix

XSS

Weakness Enumeration

Related Identifiers

CVE-2019-7551

Affected Products

Cantemo Portal