Cross Site Scripting Vulnerability in Easymon by Basecamp
CVE-2018-1000855

6.1MEDIUM

Key Information:

Vendor

Basecamp

Status
Easymon
Vendor
CVE Published:
20 December 2018

What is CVE-2018-1000855?

Easymon versions 1.4 and earlier are susceptible to a Cross Site Scripting (XSS) vulnerability located in the Endpoint monitoring section. This vulnerability enables attackers to launch Reflected XSS attacks, primarily affecting Firefox users. Attackers can exploit this vulnerability by tricking victims into clicking on specially crafted URLs containing the XSS payload. Exploiting this flaw may allow an attacker to steal cookies, contingent on the target's cookie settings. Users are encouraged to update to Easymon version 1.4.1 or later, where this issue has been addressed.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/basecamp/easymon/pull/25
x_refsource_MISC
https://github.com/basecamp/easymon/issues/26
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.