CVE-2018-8900: XSS
First published: Wed May 02 2018(Updated: )
The License Manager service of HASP SRM, Sentinel HASP and Sentinel LDK products prior to Sentinel LDK RTE 7.80 allows remote attackers to inject malicious web script in the logs page of Admin Control Center (ACC) for cross-site scripting (XSS) vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thales Sentinel LDK | <7.80 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-8900?
CVE-2018-8900 is classified as a medium severity vulnerability due to its potential for cross-site scripting attacks.
How do I fix CVE-2018-8900?
To fix CVE-2018-8900, upgrade to Sentinel LDK RTE version 7.80 or later.
What products are affected by CVE-2018-8900?
CVE-2018-8900 affects HASP SRM, Sentinel HASP, and Sentinel LDK products prior to version 7.80.
What type of attack can CVE-2018-8900 facilitate?
CVE-2018-8900 can facilitate cross-site scripting (XSS) attacks through the injection of malicious web scripts.
Who is the vendor for CVE-2018-8900?
The vendor for CVE-2018-8900 is Thales, specifically for their Sentinel LDK product line.
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gemalto
- canonical/thales sentinel ldk