CVE-2018-11090 Information

Description

An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within \ProxyPage.aspx\ allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

http://seclists.org/fulldisclosure/2018/May/32 https://www.sec-consult.com/en/blog/advisories/arbitrary-file-upload-cross-site-scripting-in-mybiz-myprocurenet/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1