← voltar
CVE-2018-15528

CVE-2018-15528

EPSS 1.3%
Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" function. The payload is triggered when the victim opens a prepared /ux/jss-sso/arslogin?[XSS] link and then clicks the "Login" button.
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://packetstormsecurity.com/files/149007/BMC-MyIT-Java-System-Solutions-SSO-Plugin-4.0.13.1-Cross-Site-Scripting.htmlhttp://seclists.org/bugtraq/2018/Aug/41