CVE-2018-7746

HIGH

Western Bridge Cobub Razor 0.7.2 - Stored XSS

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-7746. PoCs published by ppb.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in Cobub Razor 0.7.2, allowing an attacker to submit a crafted form that modifies a channel name with a stored XSS payload. The payload is triggered when an admin accesses the channel management page.

Description

An issue was discovered in Western Bridge Cobub Razor 0.7.2. Authentication is not required for /index.php?/manage/channel/modifychannel. For example, with a crafted channel name, stored XSS is triggered during a later /index.php?/manage/channel request by an admin.

Exploits (1)

exploitdb WORKING POC VERIFIED
by ppb · text · webapps · php
https://www.exploit-db.com/exploits/44416

Classification: Working PoC 90%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Cobub Razor 0.7.2
No auth needed
Prerequisites: Access to the target application's /index.php?/manage/channel/modifychannel endpoint · Victim interaction to submit the form
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44416/
Exploit, Vendor Advisory x_refsource_misc
https://github.com/cobub/razor/issues/161

Scores

CVSS v3 8.8
EPSS 0.0327
EPSS Percentile 86.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-352, CWE-79
Status: published
Products (1): cobub/razor 0.7.2
Published: Mar 07, 2018
Tracked Since: Feb 18, 2026