CVE-2019-8938

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
References
Link Resource
http://packetstormsecurity.com/files/151800/VertrigoServ-2.17-Cross-Site-Scripting.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/47 Exploit Mailing List Third Party Advisory
https://sourceforge.net/p/vertrigo/news/ Release Notes Third Party Advisory
http://packetstormsecurity.com/files/151800/VertrigoServ-2.17-Cross-Site-Scripting.html Exploit Third Party Advisory VDB Entry
http://seclists.org/fulldisclosure/2019/Feb/47 Exploit Mailing List Third Party Advisory
https://sourceforge.net/p/vertrigo/news/ Release Notes Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:vertrigoserv_project:vertrigoserv:2.17:*:*:*:*:*:*:*

History

21 Nov 2024, 04:50

Type Values Removed Values Added
References () http://packetstormsecurity.com/files/151800/VertrigoServ-2.17-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry () http://packetstormsecurity.com/files/151800/VertrigoServ-2.17-Cross-Site-Scripting.html - Exploit, Third Party Advisory, VDB Entry
References () http://seclists.org/fulldisclosure/2019/Feb/47 - Exploit, Mailing List, Third Party Advisory () http://seclists.org/fulldisclosure/2019/Feb/47 - Exploit, Mailing List, Third Party Advisory
References () https://sourceforge.net/p/vertrigo/news/ - Release Notes, Third Party Advisory () https://sourceforge.net/p/vertrigo/news/ - Release Notes, Third Party Advisory

Information

Published : 2019-03-21 16:01

Updated : 2024-11-21 04:50


NVD link : CVE-2019-8938

Mitre link : CVE-2019-8938

CVE.ORG link : CVE-2019-8938


JSON object : View

Products Affected

vertrigoserv_project

  • vertrigoserv
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')