VYPR
Moderate severity · NVD Advisory · Published Oct 24, 2018 · Updated Aug 5, 2024

CVE-2018-18548

Description

ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Ajenti File Manager in Ajenti versions through 1.2.23.13 is vulnerable to stored XSS via a crafted filename.

Vulnerability

Ajenti 1 (aka Ajenti Docker control panel) through version v1.2.23.13 contains a stored cross-site scripting (XSS) vulnerability in its File Manager component [1][2]. The issue occurs because filenames are not properly sanitized before being displayed in the interface. An attacker who can create or rename a file on the server can inject arbitrary JavaScript code into the filename [1]. This affects all installations running Ajenti v1.2.23.13 or earlier [3].

Exploitation

To exploit this vulnerability, an attacker must have write access to the file system managed by the Ajenti File Manager, typically via valid credentials or through another compromise [1]. The attacker creates a file (or renames an existing file) using a name containing malicious JavaScript, such as ``. When an administrator or user views the file listing in the File Manager, the injected script is executed in their browser session [1]. No additional user interaction beyond viewing the file list is required [1].

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript in the context of the Ajenti application [1]. This enables session hijacking, credential theft, defacement, or redirection to malicious sites. Since Ajenti is a server administration panel, compromise could lead to full control of the underlying server if an administrator account is targeted [3].

Mitigation

As of the available references, no patched version has been released for Ajenti 1 [1][2][3]. The project's main repository indicates Ajenti 2 is under development [3], and mitigations may only be available in that major version. Users should restrict access to the File Manager to trusted users and avoid uploading or renaming files from untrusted sources until a fix is provided [1][2].
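The sketch below is an added illustration, not code from Ajenti or from the advisory's references. It contrasts the general pattern behind this class of bug (a filename concatenated into markup) with output encoding, and adds an audit helper that lists names an administrator may want to review while no fix is available. The function names, the `<li>` markup and the sample filenames are assumptions made for the example.

```python
import html
import os

# Characters that change meaning when a name is placed into HTML unescaped.
HTML_SIGNIFICANT = set("<>&\"'")


def render_row_unsafe(filename):
    """The vulnerable pattern: the name is concatenated into markup as-is."""
    return "<li class=\"file\">" + filename + "</li>"


def render_row_safe(filename):
    """Output-encode the name so the browser treats it as text only."""
    return "<li class=\"file\">" + html.escape(filename, quote=True) + "</li>"


def has_markup_chars(filename):
    """True if the name contains any HTML-significant character."""
    return any(ch in HTML_SIGNIFICANT for ch in filename)


def audit_tree(root):
    """Return sorted paths under root whose file or directory name would
    need escaping; a review list for admins until rendering is fixed."""
    flagged = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if has_markup_chars(name):
                flagged.append(os.path.join(dirpath, name))
    return sorted(flagged)


# Constructed sample names (not taken from the advisory).
SAMPLE_NAMES = ["notes.txt", "<b>quarterly report.txt", "a&b.csv"]

if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print(render_row_unsafe(name), "->", render_row_safe(name))
    for path in audit_tree("."):
        print("needs review:", path)
```

The audit flags `&` and quote characters as well as angle brackets, so expect some benign hits; it is a review list, not a verdict.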

AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package          Affected versions   Patched versions
ajenti (PyPI)    <= 1.2.23.13        (none listed)

Affected products

1

Patches

0

No patches discovered yet.

References

7
