Azure App Service On Azure Stack
CVE-2018-8600
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App.
AnalysisAI
A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability.". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A Cross-site Scripting (XSS) vulnerability exists when Azure App Services on Azure Stack does not properly sanitize user provided input, aka "Azure App Service Cross-site Scripting Vulnerability." This affects Azure App. Affected products include: Microsoft Azure App Service On Azure Stack.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
An remote code execution vulnerability exists when Azure App Service/ Antares on Azure Stack fails to check the length o
Azure App Service on Azure Stack Hub Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.7), this vulnerab
Exposure of private personal information to an unauthorized actor in Azure Stack allows an authorized attacker to disclo
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today