CVE-2018-11090
Summary
| CVE | CVE-2018-11090 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-05-14 23:29:00 UTC |
| Updated | 2018-06-18 14:02:00 UTC |
| Description | An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This vulnerability within "ProxyPage.aspx" allows an attacker to inject malicious client side scripting which will be executed in the browser of users if they visit the manipulated site. |
Risk And Classification
Problem Types: CWE-79
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Mybiz | Myprocurenet | 5.0.0 | All | All | All |
| Application | Mybiz | Myprocurenet | 5.0.0 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Full Disclosure: SEC Consult SA-20180514-0 :: Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet | MISC | seclists.org | Mailing List, Third Party Advisory |
| Arbitrary File Upload & Cross-site scripting in MyBiz MyProcureNet – SEC Consult | MISC | www.sec-consult.com | Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.