CVE-2019-19738
MEDIUM WAF: High
CVSS 6.1
Published: 2019-12-30
CWE-79
log_file_viewer.php in MFScripts YetiShare 3.5.2 through 4.5.3 does not sanitize or encode the output from the lFile parameter on the page, which would allow an attacker to input HTML or execute scripts on the site, aka XSS.
WAF Coverage Analysis
Cross-Site Scripting (XSS)
High WAF Coverage
OWASP: A03:2021 Injection
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| mfscripts | yetishare | 3.5.2 - 4.5.3 |
References
- github.com (Exploit, Third Party Advisory)
- medium.com