Description
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by hyp3rlinx · text · webapps · multiple
https://www.exploit-db.com/exploits/43205
References (5)
Core References
Exploit, Third Party Advisory, VDB Entry x_refsource_misc
http://packetstormsecurity.com/files/145182/MistServer-2.12-Cross-Site-Scripting.html
Exploit, Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2017/Dec/2
Exploit, Third Party Advisory x_refsource_misc
http://hyp3rlinx.altervista.org/advisories/MIST-SERVER-v2.12-UNAUTHENTICATED-PERSISTENT-XSS-CVE-2017-16884.txt
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43205/
Release Notes x_refsource_confirm
https://news.mistserver.org/news/78/Stable+release+2.13+now+available%21
Scores
CVSS v3
6.1
EPSS
0.0620
EPSS Percentile
90.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
CWE
CWE-79
Status
published
Products (1)
mistserver/mistserver
< 2.13
Published
Dec 07, 2017
Tracked Since
Feb 18, 2026