cnvd - cnvd-2018-05987

cnvd-2018-05987

Vulnerability from cnvd

Title: PHP Scripts Mall Hot Scripts Clone:Script Classified跨站脚本漏洞

Description:

PHP Scripts Mall Hot Scripts Clone:Script Classified是印度PHP Scripts Mall公司的一套基于PHP的分类信息发布脚本。

PHP Scripts Mall Hot Scripts Clone:Script Classified 3.1版本中的Add New功能存在跨站脚本漏洞，该漏洞源于程序未能过滤‘name’参数中用户提交的输入。远程攻击者可利用该漏洞注入恶意的JavaScript代码。

Severity: 中

Formal description:

目前没有详细的解决方案提供： https://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/

Reference: https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html

Impacted products

Name
PHP Scripts Mall Hot Scripts Clone:Script Classified 3.1

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-7650"
    }
  },
  "description": "PHP Scripts Mall Hot Scripts Clone:Script Classified\u662f\u5370\u5ea6PHP Scripts Mall\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8ePHP\u7684\u5206\u7c7b\u4fe1\u606f\u53d1\u5e03\u811a\u672c\u3002\r\n\r\nPHP Scripts Mall Hot Scripts Clone:Script Classified 3.1\u7248\u672c\u4e2d\u7684Add New\u529f\u80fd\u5b58\u5728\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u8fc7\u6ee4\u2018name\u2019\u53c2\u6570\u4e2d\u7528\u6237\u63d0\u4ea4\u7684\u8f93\u5165\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u6ce8\u5165\u6076\u610f\u7684JavaScript\u4ee3\u7801\u3002",
  "discovererName": "unknown",
  "formalWay": "\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\nhttps://www.phpscriptsmall.com/product/hot-scripts-clone-script-classified/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2018-05987",
  "openTime": "2018-03-22",
  "products": {
    "product": "PHP Scripts Mall Hot Scripts Clone:Script Classified 3.1"
  },
  "referenceLink": "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html",
  "serverity": "\u4e2d",
  "submitTime": "2018-03-08",
  "title": "PHP Scripts Mall Hot Scripts Clone:Script Classified\u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e"
}

CVE-2018-7650 (GCVE-0-2018-7650)

Vulnerability from cvelistv5

Published

2018-03-06 15:00

Modified

2024-08-05 06:31

Severity ?

CWE

Summary

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User. Within the "Add New" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user's browser. This is different from CVE-2018-6878.

References

▼	URL	Tags
	https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:31:04.971Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-03-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the \"Add New\" function for a Management User. Within the \"Add New\" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user\u0027s browser. This is different from CVE-2018-6878."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-03-06T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2018-7650",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the \"Add New\" function for a Management User. Within the \"Add New\" section, the application does not sanitize user supplied input to the name parameter, and renders injected JavaScript code to the user\u0027s browser. This is different from CVE-2018-6878."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html",
              "refsource": "MISC",
              "url": "https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-7650",
    "datePublished": "2018-03-06T15:00:00",
    "dateReserved": "2018-03-02T00:00:00",
    "dateUpdated": "2024-08-05T06:31:04.971Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted