CSRF and XSS Vulnerability in JTBC(PHP) 3.0.1.7 via console/xml/manage.php?type=action&action=edit URI

CVE-2018-19546 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter.
