CVE-2018-13002 — MEDIUM (4.8)

Vulnerability Description

An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. The injection point is located in the Project `Title` and the execution point occurs in the `Inhaltsprojekte` output listing section. Remote attackers with privileged user accounts are able to inject their own malicious script code with a persistent attack vector to compromise user session credentials or to manipulate the affected web-application module output context. The request method to inject is POST.

CVSS Score

4.8

MEDIUM

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Weblication	Cms Core \& Grid	12.6.24

Related Weaknesses (CWE)

CWE-79

References

https://www.vulnerability-lab.com/get_content.php?id=2121ExploitThird Party Advisory
https://www.vulnerability-lab.com/get_content.php?id=2121ExploitThird Party Advisory

FAQ

What is CVE-2018-13002?

CVE-2018-13002 is a vulnerability with a CVSS score of 4.8 (MEDIUM). An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. T...

How severe is CVE-2018-13002?

CVE-2018-13002 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-13002?

Check the references section above for vendor advisories and patch information. Affected products include: Weblication Cms Core \& Grid.