0x0 CVE-2018-13252

Discoverer

VULNC0D3 ( @herwonowr )


CVE ID

CVE-2018-13252


Description

Entrust Datacard Syntera CS 5.x has XSS via the name field of “Domain or Computer Name” in the login page.


Vulnerability Type

Cross-Site Scripting (XSS)


Vendor of Product

ENTRUST DATACARD CORPORATION

– Vendor Homepage : https://www.entrustdatacard.com

– Software Link : https://www.datacard.com/manufacturing-efficiency-software-support/syntera-cs


Affected Product Code Base

Syntera CS - 5.x


Affected Component

Login Page


Attack Type

Remote


Impact Code execution

True


Attack Vectors

Remote


Timeline

– 2018-07-05 : Request CVE ID

– 2018-07-05 : CVE ID Assigned

– 2018-07-05 : Request for Publication

– 2018-07-05 : CVE ID Public Release