0x0 CVE-2018-13252

Discoverer

VULNC0D3 ( @herwonowr )

CVE ID

CVE-2018-13252

Description

Entrust Datacard Syntera CS 5.x has XSS via the name field of “Domain or Computer Name” in the login page.

Vulnerability Type

Cross Site Scripting (XSS)

Vendor of Product

ENTRUST DATACARD CORPORATION

– Vendor Homepage : https://www.entrustdatacard.com

– Software Link : https://www.datacard.com/manufacturing-efficiency-software-support/syntera-cs

Affected Product Code Base

Syntera CS - 5.x

Affected Component

Login Page

Attack Type

Remote

Impact Code execution

True

Attack Vectors

Remote

Timeline

– 2018-07-05 : Request CVE ID

– 2018-07-05 : CVE ID Assigned

– 2018-07-05 : Request for Publication

– 2018-07-05 : CVE ID Public Release

Index
(c) 2021 VULNC0D3