tianti 2.3 has stored XSS in the userlist module via the tianti-module-admin/user/ajax/save_role name parameter, which is mishandled in tianti-module-admin\src\main\webapp\WEB-INF\views\user\user_list.jsp.
References
Link | Resource |
---|---|
https://github.com/xujeff/tianti/issues/27 | Exploit Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2018-11-07T19:00:00
Updated: 2018-11-07T19:57:01
Reserved: 2018-11-07T00:00:00
Link: CVE-2018-19089
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-11-07T19:29:00.433
Modified: 2018-12-11T16:29:21.293
Link: CVE-2018-19089
JSON object: View
Redhat Information
No data.
CWE