Skip to content
/ CVE-2019-10685 Public

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Print Archive System v2015 release 2.6

License

GPL-3.0 license
3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

alt3kx/CVE-2019-10685

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits

CVE-2019-10685.txt

CVE-2019-10685.txt

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

CVE-2019-10685

The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the "TextField" parameter.

Exploit-DB publication at https://www.exploit-db.com/exploits/46804
PacketStorm publication at https://packetstormsecurity.com/files/152727/Prinect-Archive-System-2015-Release-2.6-Cross-Site-Scripting.html
CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10685

Timeline

================
2019-02-04: Discovered
2019-02-25: Retest PRO environment
2019-03-25: Retest on researcher's ecosystem
2019-04-02: Vendor notification
2019-04-03: Vendor feedback received
2019-04-08: Reminder sent
2019-04-08: 2nd reminder sent
2019-04-11: Internal communication
2019-04-26: No more feedback received from the vendor
2019-04-30: New issues found
2019-05-06: Public Disclosure

Heidelberg (Print Archive System v2015 release 2.6 Product) Patch and credits:

https://www.heidelberg.com

3_poc

Author

Alex Hernandez aka (@_alt3kx_)

My current exploit list @exploit-db:
https://www.exploit-db.com/author/?a=1074
https://www.exploit-db.com/author/?a=9576

CVE-2019-10685 with sexy screens here: https://medium.com/@alt3kx

About

A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Print Archive System v2015 release 2.6

Resources

Readme

License

GPL-3.0 license
Activity

Stars

3 stars

Watchers

3 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published