CVE

CVE-2018-17090

Date: (C)2018-09-17   (M)2023-12-22

An issue was discovered in DonLinkage 6.6.8. The modules /pages/bazy/bazy_adresow.php and /pages/proxy/add.php are vulnerable to stored XSS that can be triggered by closing followed by <script></script> tags.</p><a id='hideExpand' onclick='showCVSS();' style='color:#08549c;cursor:pointer;font-size:14px;'><b style='font-size:13px'><u>CVSS Score and Metrics </u>+</b></a><a id='hideCollapse' onclick='showCVSS();' style='color:#08549c;cursor:pointer;font-size:14px;'><b style='font-size:13px'><u>CVSS Score and Metrics </u>-</b></a><p></p><table id='hideTable' cellspacing='3' cellpadding='0' border='0' align='left' style='color:#08549C;'><tr><td colspan='2' width='440px'><b style='font-size:13px'>CVSS V3 Severity:</b></td><td colspan = '2' width='320px' align = 'left' valign = 'top'><b style='font-size:13px'>CVSS V2 Severity:</b></td></tr><tr><td colspan='2' width='440px'>CVSS Score : 5.4</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>CVSS Score : 3.5</td></tr><tr><td colspan='2' width='440px'>Exploit Score: 2.3</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Exploit Score: 6.8</td></tr><tr><td colspan='2' width='440px'>Impact Score: 2.7</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Impact Score: 2.9</td></tr><tr><td> </td></tr><tr><td colspan='2' width='440px'><b style='font-size:13px'>CVSS V3 Metrics:</b></td><td colspan = '2' width='320px' align = 'left' valign = 'top'><b style='font-size:13px'>CVSS V2 Metrics:</b></td></tr><tr><td colspan='2' width='440px'>Attack Vector: NETWORK</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Access Vector: NETWORK</td></tr><tr><td colspan='2' width='440px'>Attack Complexity: LOW</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Access Complexity: MEDIUM</td></tr><tr><td colspan='2' width='440px'>Privileges Required: LOW</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Authentication: SINGLE</td></tr><tr><td colspan='2' width='440px'>User Interaction: REQUIRED</td><td colspan='2' width='320px' align= 'left' valign = 'top'>Confidentiality: NONE</td></tr><tr><td colspan='2' width='440px'>Scope: CHANGED</td><td colspan='2' width='320px' align = 'left' valign = 'top'>Integrity: PARTIAL</td></tr><tr><td colspan='2' width='440px'>Confidentiality: LOW</td><td colspan = '2' width='320px' align = 'left' valign = 'top'>Availability: NONE</td></tr><tr><td colspan='2' width='440px'>Integrity: LOW</td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr><tr><td colspan='2' width='440px'>Availability: NONE</td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr><tr><td colspan='2' width='440px'> </td><td colspan='2' width='320px' align = 'left' valign = 'top'> </td></tr></table><table cellspacing='0' border='0' style='color:#08549C'><tr><td width='640px' valign='top'><b style='font-size:13px'>Reference:</b> </td></tr><tr> <td><a href="javascript: openReference('http://www.safecomp.com/blog/donlinkage.html')">http://www.safecomp.com/blog/donlinkage.html</a></td> </tr></table></br> </div> </td> </tr> </table> </div> <a href="control.jsp?command=relation&relationId=cpe:/a:i4a:donlinkage:6.6.8&search=cpe:/a:i4a:donlinkage:6.6.8" style="cursor:pointer;" onmouseOver="showIdsMouseOver('sub1')" onmouseOut="showIdsMouseOut('sub1')"> <div class='relation-div-small' id='sub1' style='left:40%;'> <font color="#08549C"> <table cellpadding="0" cellspacing="0" width="100%" border="0"> <tr> <td align="left"> <font color="#08549C"> <b>CPE</b> </font> <font color="#08549C" size=3> <b>   1</b> </font> </td> </tr> </table> <div id="idDiv1" style="text-overflow:ellipsis;overflow:hidden;width:120px;" > <font size=1> cpe:/a:i4a:donlinkage:6.6.8<br/> </font> </div> </div> </a> <input id="idDivHidden1" name="idDivHidden1" type="hidden" value="cpe:/a:i4a:donlinkage:6.6.8"> <a href="control.jsp?command=relation&relationId=79&search=79" style="cursor:pointer;" onmouseOver="showIdsMouseOver('sub2')" onmouseOut="showIdsMouseOut('sub2')"> <div class='relation-div-small' id='sub2' style='left:50%;'> <font color="#08549C"> <table cellpadding="0" cellspacing="0" width="100%" border="0"> <tr> <td align="left"> <font color="#08549C"> <b>CWE</b> </font> <font color="#08549C" size=3> <b>   1</b> </font> </td> </tr> </table> <div id="idDiv2" style="text-overflow:ellipsis;overflow:hidden;width:120px;" > <font size=1> CWE-79<br/> </font> </div> </div> </a> <input id="idDivHidden2" name="idDivHidden2" type="hidden" value="CWE-79"> <div style="position:absolute;top:620px;left:540px;clear:both;"> <script> function footer(page){ window.open(page); } </script> <script src="/JavaScriptServlet" type="text/javascript"></script> <p style="clear:both;text-align:center;"> <center><p>© <script>document.write(new Date().getFullYear())</script> SecPod Technologies</p></center> </p> </div> </div> </body> </html>