Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 25/04/2018 Updated: 25/05/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

An issue exists in the Users (aka Front-end user management) plugin 1.4.5 for October CMS. XSS exists in the name field.

Vulnerable Product	Search on Vulmon	Subscribe to Product
user project user 1.4.5

# Exploit Title: October CMS User Plugin v145 - Persistent Cross-Site Scripting # Date: 2018-04-03 # Author: 0xB9 # Software Link: octobercmscom/plugin/rainlab-user # Version: 145 # Tested on: Ubuntu 1710 # CVE: CVE-2018-10366 #1 Description: Front-end user management for October CMS Allows visitors to create a website #2 Proof ...

October CMS User plugin version 145 suffers from a persistent cross site scripting vulnerability ...

CWE-79 https://github.com/rainlab/user-plugin/commit/098c2bc907443d67e9e18645f850e3de42941d20 https://www.exploit-db.com/exploits/44546/https://nvd.nist.gov https://www.exploit-db.com/exploits/44546/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2018-10366

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect