Cross-Site Scripting in Composr CMS by Composr Solutions
CVE-2018-6518

4.8MEDIUM

Key Information:

Vendor: Compo
Status: Composr Cms
Vendor: CVE Published:; 26 April 2018

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2018-6518?

Composr CMS version 10.0.13 is vulnerable to a Cross-Site Scripting (XSS) attack. Specifically, an issue exists in the administration setup wizard where the 'site_name' parameter can be exploited through a crafted request to the '/adminzone/index.php' endpoint. This flaw allows attackers to inject malicious scripts into web pages viewed by other users, potentially leading to unauthorized access and data compromise. Proper input validation and encoding mechanisms are recommended to mitigate this vulnerability.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

Composr-CMS-10.0.13-Cross-Site-Scripting-XSS
Created by faizzaidi

References

https://github.com/faizzaidi/Composr-CMS-10.0.13-Cross-Si...

x_refsource_MISC

CVSS V3.1

Score:

4.8

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 26, 2018
🟡
Public PoC available
Apr 25, 2018
👾
Exploit known to exist
Apr 25, 2018
Vulnerability Reserved
Feb 1, 2018

CVE-2018-6518 Data

JSON