cnvd - cnvd-2018-04552

CNVD-2018-04552

Vulnerability from cnvd - Published: 2018-03-07

Title

PHP Scripts Mall Hot Scripts Clone Script Classified 跨站脚本漏洞

Description

PHP Scripts Mall Hot Scripts Clone Script Classified是印度PHP Scripts Mall公司的一套基于PHP的信息发布网站脚本。 PHP Scripts Mall Hot Scripts Clone Script Classified 3.1版本中的review section存在跨站脚本漏洞。远程攻击者可借助title或description字段利用该漏洞注入任意的Web脚本或HTML。

Severity

低

Formal description

目前厂商暂未发布修复措施解决此安全问题，建议使用此软件的用户随时关注厂商主页或参考网址以获取解决办法： https：//www.phpscriptsmall.com/

Reference

https://www.exploit-db.com/exploits/43991/

Impacted products

Name
PHP Scripts Mall Hot Scripts Clone Script Classified 3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-6878"
    }
  },
  "description": "PHP Scripts Mall Hot Scripts Clone Script Classified\u662f\u5370\u5ea6PHP Scripts Mall\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8ePHP\u7684\u4fe1\u606f\u53d1\u5e03\u7f51\u7ad9\u811a\u672c\u3002\r\n\r\nPHP Scripts Mall Hot Scripts Clone Script Classified 3.1\u7248\u672c\u4e2d\u7684review section\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u501f\u52a9title\u6216description\u5b57\u6bb5\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u4efb\u610f\u7684Web\u811a\u672c\u6216HTML\u3002",
  "discovererName": "Prasenjit Kanti Paul",
  "formalWay": "\u76ee\u524d\u5382\u5546\u6682\u672a\u53d1\u5e03\u4fee\u590d\u63aa\u65bd\u89e3\u51b3\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u5efa\u8bae\u4f7f\u7528\u6b64\u8f6f\u4ef6\u7684\u7528\u6237\u968f\u65f6\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u6216\u53c2\u8003\u7f51\u5740\u4ee5\u83b7\u53d6\u89e3\u51b3\u529e\u6cd5\uff1a\r\nhttps\uff1a//www.phpscriptsmall.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-04552",
  "openTime": "2018-03-07",
  "products": {
    "product": "PHP Scripts Mall Hot Scripts Clone Script Classified 3.1"
  },
  "referenceLink": "https://www.exploit-db.com/exploits/43991/",
  "serverity": "\u4f4e",
  "submitTime": "2018-02-26",
  "title": "PHP Scripts Mall Hot Scripts Clone Script Classified \u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2018-6878 (GCVE-0-2018-6878)

Vulnerability from cvelistv5 – Published: 2018-02-09 18:00 – Updated: 2024-09-17 01:36

Summary

Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

https://www.exploit-db.com/exploits/43991/

exploitx_refsource_EXPLOIT-DB

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:17:16.678Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "43991",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43991/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-02-09T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "43991",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43991/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-6878",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "43991",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43991/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-6878",
    "datePublished": "2018-02-09T18:00:00Z",
    "dateReserved": "2018-02-09T00:00:00Z",
    "dateUpdated": "2024-09-17T01:36:33.521Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2018-04552

CVE-2018-6878 (GCVE-0-2018-6878)

Tags

Sightings

Nomenclature