Vulnerable Product: HighPortal
Affected version: 12.5
Vulnerability Type: XSS
CVE: CVE-2018-17964


CWE: CWE-79
Credit: Ali Abdollahi
Remote: Yes
Description:XSS vulnerability on Aryanic HighPortal  version 12.5 via an Add Tags action.Contact: https://twitter.com/aliabdollahi2

References: - https://example.com/directory.php?id=51622199%3Cscript%3Ealert(1)%3C/script%3E&page=something.php- http://i63.tinypic.com/30mofax.png