Strix
26.1K

CVE-2018-1000629

UnknownEPSS 1.28%

Last modified

CVE-2018-1000629 is a vulnerability of currently unknown severity. Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. EPSS estimates a 1.28% chance of exploitation in the next 30 days.

Description

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

Metrics

EPSS Probability
1.28%

66.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
BattelleV2i Hub2.5.1

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2018-1000629?
Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or _login_username parameter in a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
How severe is CVE-2018-1000629?
Severity scoring for CVE-2018-1000629 is pending analysis. The EPSS model estimates a 1.28% probability of exploitation in the next 30 days.
How do I fix CVE-2018-1000629?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-1000629?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST