Apachefriends XAMPP 5.6.8 Cross Site Scripting Vulnerability


XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.


The information has been provided by Rafael Pedrero.
The original article can be found at: http://seclists.org/fulldisclosure/2019/Feb/43
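
A detection check for the description above, added here as an example and not taken from the advisory or from XAMPP: it scans Apache access-log lines for requests to cds-fpdf.php whose interpret or titel query value decodes to HTML markup characters. The log lines and the /demo/ directory are constructed, and it assumes the parameters arrive in the query string (values sent in a POST body do not appear in access logs).

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script and parameter names come from the advisory text.
SCRIPT = "cds-fpdf.php"
PARAMS = ("interpret", "titel")
# Characters that let a reflected value break out of HTML text or attributes.
MARKUP = re.compile(r"[<>\"']")
# Request field of an Apache common/combined log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample lines; the /demo/ directory is a placeholder path.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/May/2019:10:00:01 +0000] '
    '"GET /demo/cds-fpdf.php?interpret=Miles+Davis&titel=Kind+of+Blue HTTP/1.1" 200 5120',
    '192.0.2.77 - - [16/May/2019:10:00:09 +0000] '
    '"GET /demo/cds-fpdf.php?interpret=%3Cb%3Ex%3C%2Fb%3E&titel=ok HTTP/1.1" 200 5133',
    '192.0.2.77 - - [16/May/2019:10:00:12 +0000] '
    '"GET /demo/index.php?titel=%3Cb%3E HTTP/1.1" 200 900',
]


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for flagged values in one log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    # Decode the path so a percent-encoded script name is still recognised.
    if unquote(url.path).rsplit("/", 1)[-1].lower() != SCRIPT:
        return []
    # parse_qs decodes each value once, as the server-side script would see it.
    query = parse_qs(url.query, keep_blank_values=True)
    return [(name, value)
            for name in PARAMS
            for value in query.get(name, [])
            if MARKUP.search(value)]


def scan(lines):
    """Return [(line_number, hits)] for every line with at least one hit."""
    results = [(n, suspicious_params(line)) for n, line in enumerate(lines, 1)]
    return [(n, hits) for n, hits in results if hits]


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: {hits}")
```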


Apachefriends Xampp is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.


Vulnerable Systems:

  • Apachefriends Xampp 5.6.8

CVE Information:

Disclosure Timeline:
Publish Date: 05/16/2019