CVE-2018-8900

Published: May 2, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.

Affected (1)

Products: Gemalto: Sentinel Ldk Rte

1 product

Sentinel Ldk Rte

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gemalto Sentinel Ldk Rte	Before 7.80

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdf

Source: cve@mitre.org

https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing

Source: cve@mitre.org

Vendor Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-566773.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

https://drive.google.com/file/d/18BaBzGcjWAfJyZ_phWEVerYmmLB-vxF-/view?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.