26 Juil 2019
Vulnérabilité CVE-2019-14228 CVE Vulnerability
Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation. (CVSS:0.0) (Last Update:2019-07-26)
Vulnerability Details : Xavier PHP Management Panel 3.0 is vulnerable to Reflected POST-based XSS via the username parameter when registering a new user at admin/includes/adminprocess.php. If there is an error when registering the user, the unsanitized username will reflect via the error page. Due to the lack of CSRF protection on the admin/includes/adminprocess.php endpoint, an attacker is able to chain the XSS with CSRF in order to cause remote exploitation. Publish Date : 2019-07-26 Last Update Date : 2019-07-26 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-14228
- References For CVE-2019-14228
| |||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-14228There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |