CVE-2018-12905
Published 2018-06-27
CVE-2018-12905: joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions.
Priority P339 medium 6.1 CVSS 3.0
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EPSS: 42.21% (98.5th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joyplus-cms_project | joyplus-cms | — | — |
CVSS provenance
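| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 6.1 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |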
Suricata
ET WEB_SPECIFIC_APPS Online Trade - Information Disclosure
suricata·2018-07-05
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS Online Trade - Information Disclosure"; flow:established,to_server; http.uri; content:"/dashboard/deposit"; fast_pattern; endswith; reference:cve,2018-12905; reference:url,exploit-db.com/exploits/44977/; classtype:attempted-recon; sid:2025783; rev:3; metadata:attack_target Web_Server, created_at 2018_07_05, cve CVE_2018_12905, deployment Datacenter, performance_impact Low, signature_severity Major, updated_at 2020_09_16, mitre_tactic_id TA0007, mitre_tactic_name Discovery, mitre_technique_id T1082, mitre_technique_name System_Information_Discovery;)
No public exploits indexed.
No writeups or analysis indexed.