04 Jui 2020
Vulnérabilité CVE-2019-16385 CVE Vulnerability
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. (CVSS:4.3) (Last Update:2020-06-05)
Vulnerability Details : Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a reflected XSS payload being executed. Publish Date : 2020-06-04 Last Update Date : 2020-06-05 - CVSS Scores & Vulnerability Types
- Products Affected By CVE-2019-16385
- Number Of Affected Versions By Product
- References For CVE-2019-16385
| |||||||||||||||||||||||||||||||||||||||||||||||||||
- Metasploit Modules Related To CVE-2019-16385There are not any metasploit modules related to this CVE entry (Please visit www.metasploit.com for more information) |