CVE-2017-16884

MEDIUM

MistServer < 2.13 - Unauthenticated Stored Cross-Site Scripting via Failed Authentication Alert


Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-16884. PoCs published by hyp3rlinx.

AI-analyzed exploit summary: This exploit demonstrates an unauthenticated persistent XSS vulnerability in MistServer v2.12. Attackers can inject malicious payloads via failed HTTP authentication requests, which are then stored in server logs and executed in the web interface due to automatic UI refresh.

Description

Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by hyp3rlinx · text · webapps · multiple
https://www.exploit-db.com/exploits/43205


Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: MistServer v2.12
No auth needed
Prerequisites: Network access to the target server · MistServer v2.12 with exposed admin interface
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/145182/MistServer-2.12-Cross-Site-Scripting.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Dec/2
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43205/

Scores

CVSS v3 6.1
EPSS 0.0433
EPSS Percentile 89.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-79
Status published
Products (1)
mistserver/mistserver < 2.13
Published Dec 07, 2017
Tracked Since Feb 18, 2026