XSS Vulnerability in Reservo Image Hosting 1.6's Search Engine Allows Session Hijacking

CVE-2018-5705 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Reservo Image Hosting 1.6 is vulnerable to cross-site scripting (XSS) attacks. The affected function is its search engine (the t parameter to the /search URI). Because there is a user/admin login interface, attackers can steal the sessions of users and thus of admin(s). When users are sent an infected URL, the code in it will be executed.