cve/CVE-2018-17830.md at 7482ec4521a75dd13882dc1283f17009c936e974

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-28 01:04:30 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). The attacker can insert XSS payloads via an index.php?page=mediapool/media&opener_input_field=&args[ substring.

POC

Reference

https://github.com/redaxo/redaxo4/issues/421
https://github.com/redaxo/redaxo4/issues/421

Github

No PoCs found on GitHub currently.

789 B Raw Blame History

CVE-2018-17830

Description

POC

Reference

Github

789 B

Raw Blame History