Stored Cross-Site Scripting Vulnerability in iScripts EasyCreate by iScripts
CVE-2018-9236

5.4MEDIUM

Key Information:

Vendor: Iscripts
Status: Easycreate
Vendor: CVE Published:; 4 April 2018

Badges

👾 Exploit Exists

What is CVE-2018-9236?

The iScripts EasyCreate 3.2.1 has a vulnerability that allows attackers to execute arbitrary JavaScript code by manipulating the 'Site title' field. This stored XSS flaw could enable unauthorized access to user data and various actions on behalf of the legitimate user, creating significant risks to web application security. Implementing proper data sanitization and validation measures is essential to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://pastebin.com/Amw08sAj

x_refsource_MISC

https://www.exploit-db.com/exploits/44436/

exploitx_refsource_EXPLOIT-DB

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

🟡
Public PoC available
Apr 4, 2018
👾
Exploit known to exist
Apr 4, 2018
Vulnerability published
Apr 4, 2018
Vulnerability Reserved
Apr 3, 2018

JSON

Iscripts