Apachefriends XAMPP 5.6.8 Cross Site Scripting Vulnerability

Summary

XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
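For hosts that still run this discontinued release, web server access logs can be checked for requests that put markup into the two parameters named above. The following is an added example, not part of the original advisory or of XAMPP: the log lines, client addresses and the /example/ path are constructed placeholders, and the character set treated as suspicious is an assumed heuristic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

SCRIPT_NAME = "cds-fpdf.php"               # script named in the advisory
WATCHED_PARAMS = ("interpret", "titel")    # parameters named in the advisory
MARKUP = re.compile(r'[<>"]')              # assumed heuristic for HTML injection
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # CLF request field

# Constructed sample lines (placeholder hosts and path), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [16/May/2019:10:00:01 +0000] "GET /example/cds-fpdf.php?interpret=Miles+Davis&titel=Kind+of+Blue HTTP/1.1" 200 512
192.0.2.11 - - [16/May/2019:10:00:05 +0000] "GET /example/cds-fpdf.php?interpret=%3Cb%3Ex%3C%2Fb%3E&titel=a HTTP/1.1" 200 512
192.0.2.12 - - [16/May/2019:10:00:09 +0000] "GET /example/cds-fpdf.php?interpret=a&titel=%2522%253Ex HTTP/1.1" 200 512
192.0.2.13 - - [16/May/2019:10:00:12 +0000] "GET /example/other.php?titel=%3Cb%3E HTTP/1.1" 200 512
"""

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (bounded) so double-encoded markup is seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(log_text):
    """Return (client, parameter, decoded value) for watched parameters carrying markup."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/" + SCRIPT_NAME):
            continue  # only the script named in the advisory
        params = parse_qs(url.query, keep_blank_values=True)
        for name in WATCHED_PARAMS:
            for value in params.get(name, []):
                decoded = fully_decode(value)
                if MARKUP.search(decoded):
                    hits.append((line.split()[0], name, decoded))
    return hits

if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent markup in {name}: {value!r}")
```

Only query-string parameters appear in access logs, so values sent in a POST body are not covered by this check.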

Credit:

The information has been provided by Rafael Pedrero.
The original article can be found at: http://seclists.org/fulldisclosure/2019/Feb/43


Details

Apachefriends Xampp is prone to a remote code-execution vulnerability. This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

 

Vulnerable Systems:

  • Apachefriends Xampp 5.6.8

CVE Information:
CVE-2019-8924

Disclosure Timeline:
Publish Date: 05/16/2019