Description
Cross-site scripting (XSS) vulnerability in index.php in AppServ Open Project 2.5.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the appservlang parameter.
Affected products
- appserv_open_project / appserv2.5.10
- appserv_open_project / appserv1.0.0 β 1.0.0
- appserv_open_project / appserv1.2.0 β 1.2.0
- appserv_open_project / appserv1.3.0 β 1.3.0
- appserv_open_project / appserv1.4.0 β 1.4.0
- appserv_open_project / appserv1.5.0 β 1.5.0
- appserv_open_project / appserv1.6.0 β 1.6.0
- appserv_open_project / appserv1.7.0 β 1.7.0
- appserv_open_project / appserv1.8.0 β 1.8.0
- appserv_open_project / appserv1.9.0 β 1.9.0
- appserv_open_project / appserv2.0.0 β 2.0.0
- appserv_open_project / appserv2.1.0 β 2.1.0
- appserv_open_project / appserv2.2.0 β 2.2.0
- appserv_open_project / appserv2.3.0 β 2.3.0
- appserv_open_project / appserv2.4 β 2.4
- appserv_open_project / appserv2.4.1 β 2.4.1
- appserv_open_project / appserv2.4.2 β 2.4.2
- appserv_open_project / appserv2.4.3 β 2.4.3
- appserv_open_project / appserv2.4.4 β 2.4.4
- appserv_open_project / appserv2.4.4a β 2.4.4a
- appserv_open_project / appserv2.4.5 β 2.4.5
- appserv_open_project / appserv2.4.6 β 2.4.6
- appserv_open_project / appserv2.4.7 β 2.4.7
- appserv_open_project / appserv2.4.8 β 2.4.8
- appserv_open_project / appserv2.4.9 β 2.4.9
- appserv_open_project / appserv2.5 β 2.5
- appserv_open_project / appserv2.5.1 β 2.5.1
- appserv_open_project / appserv2.5.2 β 2.5.2
- appserv_open_project / appserv2.5.3 β 2.5.3
- appserv_open_project / appserv2.5.4 β 2.5.4
- appserv_open_project / appserv2.5.4a β 2.5.4a
- appserv_open_project / appserv2.5.5 β 2.5.5
- appserv_open_project / appserv2.5.6 β 2.5.6
- appserv_open_project / appserv2.5.7 β 2.5.7
- appserv_open_project / appserv2.5.8 β 2.5.8
- appserv_open_project / appserv2.5.9 β 2.5.9
Exploits & PoCs
- nucleiAppServ Open Project <=2.5.10 - Cross-Site Scriptingby unstabl3