HighPortal 12.5 Cross Site Scripting

HighPortal version 12.5 suffers from a cross site scripting vulnerability.


MD5 | 96715aa5c1d78769498c9dadfc961a89

Vulnerable Product: HighPortal
Affected version: 12.5
Vulnerability Type: XSS
CVE: CVE-2018-17964


CWE: CWE-79
Credit: Ali Abdollahi
Remote: Yes
Description:XSS vulnerability on Aryanic HighPortal version 12.5 via an Add Tags action.Contact: https://twitter.com/aliabdollahi2

References: - https://example.com/directory.php?id=51622199%3Cscript%3Ealert(1)%3C/script%3E&page=something.php- http://i63.tinypic.com/30mofax.png


Related Posts