vendor:
N/A
by:
WCuestas, Chelano, Perverths0, SeguridadBlanca READERS, Exploit-DB
7.5
CVSS
HIGH
Cross-Site Scripting (XSS)
79
CWE
Product Name: N/A
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Unknown
PoC: XSS in Installation File
The web application is vulnerable to XSS in its installation file. An attacker can post data without any security, allowing them to put malicious code in the host textbox on the install.php?step=2 page. This malicious code can then be executed, allowing for path disclosure.
Mitigation:
Input validation should be used to prevent malicious code from being executed.