CVE-2018-12095
published 2018-06-11CVE-2018-12095: A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of…
PriorityP333medium5.4CVSS 3.0
AVNACLPRLUIRSCCLILAN
EXPLOIT
EPSS
5.10%
91.3th percentile
A Reflected Cross-Site Scripting web vulnerability has been discovered in the OEcms v3.1 web-application. The vulnerability is located in the mod parameter of info.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oecms_project | oecms | — | — |
CVSS provenance
nvdv3.05.4MEDIUMCVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
OEcms 3.1 - Cross-Site Scripting
exploitdb·2018-06-15·CVSS 5.4
CVE-2018-12095 [MEDIUM] OEcms 3.1 - Cross-Site Scripting
OEcms 3.1 - Cross-Site Scripting
---
# Title: OEcms 3.1 - Cross-Site Scripting
# Author: Felipe "Renzi" Gabriel
# Date: 2018-06-15
# Software: OEcms v3.1
# CVE: CVE-2018-12095
# Technical Details & Description:
# A Reflected Cross-Site Scripting web vulnerability has been discovered in the "OEcms v3.1" web-application.
# The vulnerability is located in the 'mod' parameter of the`info.php` action GET method request.
# PoC
http://Target/cms/info.php?mod=list"
Nuclei
OEcms 3.1 - Cross-Site Scripting
nuclei·CVSS 5.4
CVE-2018-12095 [MEDIUM] OEcms 3.1 - Cross-Site Scripting
OEcms 3.1 - Cross-Site Scripting
OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php.
Template:
id: CVE-2018-12095
info:
name: OEcms 3.1 - Cross-Site Scripting
author: LogicalHunter
severity: medium
description: OEcms 3.1 is vulnerable to reflected cross-site scripting via the mod parameter of info.php.
impact: |
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary JavaScript code in the context of the victim's browser, leading to session hijacking, defacement, or theft of sensitive information.
remediation: |
Apply the latest patch or upgrade to a newer version of OEcms to fix the XSS vulnerability.
reference:
- https://www.exploit-db.com/exploits/44895
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-20
2018-06-11
Published