HighPortal version 12.5 suffers from a cross site scripting vulnerability.
dc3438488946e0c9472997dfce4da1dfe5cae5b34fbf0e8e172de192753810ae
Vulnerable Product: HighPortal
Affected version: 12.5
Vulnerability Type: XSS
CVE: CVE-2018-17964
CWE: CWE-79
Credit: Ali Abdollahi
Remote: Yes
Description:XSS vulnerability on Aryanic HighPortal version 12.5 via an Add Tags action.Contact: https://twitter.com/aliabdollahi2
References: - https://example.com/directory.php?id=51622199%3Cscript%3Ealert(1)%3C/script%3E&page=something.php- http://i63.tinypic.com/30mofax.png