CVE-2018-19785
published 2018-12-01CVE-2018-19785: PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
PriorityP423medium6.1CVSS 3.0
AVNACLPRNUIRSCCLILAN
EPSS
0.94%
56.4th percentile
PHP-Proxy through 5.1.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| athlon1600 | php-proxy-app | >= 0 < 3.0 | 3.0 |
| php-proxy | php-proxy | <= 5.1.0 | — |
CVSS provenance
nvdv3.06.1MEDIUMCVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
VulDB
PHP-Proxy up to 5.1.0 index.php URL cross site scripting (Issue 140 / EUVD-2022-3574)
vuldb·2026-06-01·CVSS 6.1
CVE-2018-19785 [MEDIUM] PHP-Proxy up to 5.1.0 index.php URL cross site scripting (Issue 140 / EUVD-2022-3574)
A vulnerability was found in PHP-Proxy up to 5.1.0. It has been classified as problematic. Impacted is an unknown function of the file index.php. This manipulation of the argument URL causes cross site scripting.
This vulnerability appears as CVE-2018-19785. The attack may be initiated remotely. There is no available exploit.
GHSA
XSS in PHP-Proxy-App through v3.0
ghsa·2022-05-14
CVE-2018-19785 [MEDIUM] CWE-79 XSS in PHP-Proxy-App through v3.0
XSS in PHP-Proxy-App through v3.0
PHP-Proxy-App through 3.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
OSV
XSS in PHP-Proxy-App through v3.0
osv·2022-05-14
CVE-2018-19785 [MEDIUM] XSS in PHP-Proxy-App through v3.0
XSS in PHP-Proxy-App through v3.0
PHP-Proxy-App through 3.0 has Cross-Site Scripting (XSS) via the URL field in index.php.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2018-12-01
Published