CVE-2018-1000163

Published: Apr 18, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in javascript injections into the web page. This attack appears to be exploitable via the victim browsing the web console.

Affected (1)

Products: Projectfloodlight: Floodlight

Projectfloodlight

1 product

Floodlight

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Projectfloodlight Floodlight	Up to 1.2

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://xiaofen9.github.io/blog/floodlight-rce/

Source: cve@mitre.org

ExploitThird Party Advisory

https://xiaofen9.github.io/blog/floodlight-rce/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.