cbcvebase.
CVE-2019-12461
published 2019-05-30

CVE-2019-12461: Web Port 1.19.1 allows XSS via the /log type parameter.

Priority: P3 · 45 · medium · CVSS 3.0 base score 6.1
Vector: AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
Exploit available
EPSS: 9.92% (95.0th percentile)

Affected (1 range)

Vendor    Product    Version range    Fixed in
webport   web_port

Detection & IOCs (extracted from sources)

URL:  /log?type=%22%3C/script%3E%3Cscript%3Ealert(%27xss%27);%3C/script%3E%3Cscript%3E
URL:  /log?type=%22%3C/script%3E%3Cscript%3Ealert(document.domain);%3C/script%3E%3Cscript%3E
Path: /log
  • Detect reflected XSS exploitation attempts by matching URL-encoded script injection in the 'type' query parameter of GET requests to /log
  • Match the response body for the unescaped reflected payload string '"alert(document.domain);' in text/html responses with HTTP 200 to confirm successful reflection
  • The session cookie name used by WebPort is '__tiny_sessid'; monitor for this cookie being exfiltrated via attacker-crafted XSS links targeting port 8090
  • The exploit was tested on both Windows and Linux deployments of WebPort 1.19.1; detection rules should be applied regardless of OS platform
  • The vulnerability is specific to version 1.19.1; the /log endpoint's 'type' parameter is the sole confirmed injection point
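As an added example (not part of this record or of WebPort itself), the following Python applies the first two detection bullets to constructed access-log lines: it normalises percent-encoding in the 'type' parameter of GET /log requests (so a double-encoded variant is also caught), flags script-injection payloads, and confirms exploitation when the decoded payload is reflected unescaped in a response body. The log lines and response bodies are constructed sample data.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines in common log format (not from the record).
SAMPLE_LOG = [
    '10.0.0.5 - - [30/May/2019:10:01:02 +0000] "GET /log?type=error HTTP/1.1" 200 512',
    '10.0.0.9 - - [30/May/2019:10:01:07 +0000] "GET /log?type=%22%3C/script%3E%3Cscript%3E'
    'alert(document.domain);%3C/script%3E%3Cscript%3E HTTP/1.1" 200 2048',
    # Double-encoded variant that a single unquote() would miss.
    '10.0.0.9 - - [30/May/2019:10:01:09 +0000] "GET /log?type=%2522%253C%252Fscript%253E HTTP/1.1" 200 600',
    '10.0.0.7 - - [30/May/2019:10:02:00 +0000] "GET /index.html HTTP/1.1" 200 120',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A <script> / </script> tag, or a quote that breaks out of a string/attribute into a tag.
SCRIPT_RE = re.compile(r'</?script|["\'][^"\']*<', re.IGNORECASE)

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def type_values(line):
    """Return decoded 'type' values for GET requests to /log; empty list otherwise."""
    m = REQUEST_RE.search(line)
    if not m or m.group('method') != 'GET':
        return []
    parts = urlsplit(m.group('target'))
    if parts.path != '/log':
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # decodes one layer
    return [decode_fully(v) for v in query.get('type', [])]

def is_log_type_xss_attempt(line):
    """Attempt detection: any 'type' value carries script injection."""
    return any(SCRIPT_RE.search(v) for v in type_values(line))

def flag_suspicious(lines):
    """Return the log lines that match the /log?type= injection pattern."""
    return [line for line in lines if is_log_type_xss_attempt(line)]

def payload_reflected(line, body):
    """Confirmation: the decoded payload appears verbatim (unescaped) in the HTML body."""
    return any(SCRIPT_RE.search(v) and v in body for v in type_values(line))
```

A body that HTML-escapes the reflected value (`&lt;/script&gt;`) is not reported by `payload_reflected`, which separates blocked attempts from confirmed reflection.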

CVSS provenance

NVD  CVSS v3.0  6.1  MEDIUM  CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD  CVSS v2.0  4.3  MEDIUM  AV:N/AC:M/Au:N/C:N/I:P/A:N