CVE-2018-7650 Information

Description

PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the \Add New\ function for a Management User. Within the \Add New\ section the application does not sanitize user supplied input to the name parameter and renders injected JavaScript code to the user’s browser. This is different from CVE-2018-6878.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Reference

https://neetech18.blogspot.in/2018/03/stored-xss-vulnerability-in-hot-scripts.html

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

4.8