CVE-2018-10763

MEDIUM

SynaMan 4.0 build 1488 - Stored Cross-Site Scripting via Partial Branding Configuration

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-10763. PoCs published by bzyo.

AI-analyzed exploit summary This is a writeup describing an authenticated stored XSS vulnerability in SynaMan 4.0. The PoC demonstrates how an attacker with admin access can inject a JavaScript payload into the 'Partial Branding' fields, which executes when navigating the web app.

Description

Multiple cross-site scripting (XSS) vulnerabilities in Synametrics SynaMan 4.0 build 1488 via the (1) Main heading or (2) Sub heading fields in the Partial Branding configuration page.

Exploits (1)

exploitdb WRITEUP

by bzyo · textwebappswindows

https://www.exploit-db.com/exploits/45386

View Code ZIP pw:eip

This is a writeup describing an authenticated stored XSS vulnerability in SynaMan 4.0. The PoC demonstrates how an attacker with admin access can inject a JavaScript payload into the 'Partial Branding' fields, which executes when navigating the web app.

Classification

Writeup 90%

Attack Type

Xss

Complexity

Trivial

Reliability

Reliable

Target: SynaMan 4.0 build 1488

Auth required

Prerequisites: Admin access to SynaMan web console

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/45386/

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/149324/SynaMan-4.0-Build-1488-Cross-Site-Scripting.html

Scores

CVSS v3 4.8

EPSS 0.0165

EPSS Percentile 73.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Details

CWE

CWE-79

Status published

Products (1)

synametrics/synaman 4.0

Published Sep 14, 2018

Tracked Since Feb 18, 2026