CyberSec.Space Logo
Back to CVE Browser

CVE-2019-18419

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0500%
EPSS Percentile12.29th
PublishedOct 24, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A cross-site scripting (XSS) vulnerability in index.php in ClonOS WEB control panel 19.09 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

Affected Platforms (CPE)

💻
Clonos

Clonos

= 19.09

References & Advisories

🔗 https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability
🔗 https://github.com/Andhrimnirr/ClonOS-WEB-control-panel-multi-vulnerability

Related Vulnerabilities

CVE-2019-155719.8

The WEB control panel before 2019-04-30 for ClonOS allows SQL injection in clonos.php.

CVE-2019-184189.8

clonos.php in ClonOS WEB control panel 19.09 allows remote attackers to gain full access via change password requests because ther...

CVE-2019-390510.0

Zoho ManageEngine ADSelfService Plus 5.x before build 5703 has SSRF.

CVE-2019-623510.0

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12...