Vulnerability Details CVE-2018-6362
Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.2%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-XSS-COOKIE-THEFT.txt
- http://packetstormsecurity.com/files/147554/Easy-Hosting-Control-Panel-0.37.12.b-Cross-Site-Scripting-Cookie-Theft.html
- http://hyp3rlinx.altervista.org/advisories/EHCP-v0.37.12.b-XSS-COOKIE-THEFT.txt
- http://packetstormsecurity.com/files/147554/Easy-Hosting-Control-Panel-0.37.12.b-Cross-Site-Scripting-Cookie-Theft.html
Products affected by CVE-2018-6362
-
cpe:2.3:a:ehcp:easy_hosting_control_panel:0.37.12.b