HighPortal 12.5 Cross Site Scripting Vulnerability

2018-10-18
ID: 99779
CVE: None
Download vulnerable application: None
Vulnerable Product: HighPortal
Affected version: 12.5
Vulnerability Type: XSS
CVE: CVE-2018-17964
  CWE: CWE-79
Credit: Ali Abdollahi
Remote: Yes
Description:XSS vulnerability on Aryanic HighPortal  version 12.5 via an Add Tags action.Contact: https://twitter.com/aliabdollahi2
 References: - https://example.com/directory.php?id=51622199%3Cscript%3Ealert(1)%3C/script%3E&page=something.php- http://i63.tinypic.com/30mofax.png
1-4-2 (www02)