CVE-2018-6362

CVE-2018-6362

EPSS 1.1%

Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-XSS-COOKIE-THEFT.txt http://packetstormsecurity.com/files/147554/Easy-Hosting-Control-Panel-0.37.12.b-Cross-Site-Scripting-Cookie-Theft.html