CVE-2018-19091
Description
tianti 2.3 contains a reflected XSS vulnerability in the user management module via the userName parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
tianti 2.3 contains a reflected XSS vulnerability in the user management module via the userName parameter.
Vulnerability
tianti 2.3 is affected by a reflected cross-site scripting (XSS) vulnerability in the user management module. The vulnerable endpoint is tianti-module-admin/user/list, where the userName parameter is echoed back into the response without proper sanitization or encoding [1]. This occurs in user_list.jsp which directly displays the value received from the controller, as noted in the source code review [1].
Exploitation
An attacker can craft a malicious URL containing XSS payload in the userName parameter. For example, a payload like `` can be injected [1]. The attacker then sends the link to a victim with administrative privileges; when the victim clicks the link and the user list page renders, the script executes in the browser. No authentication is required for the initial request, but the impact depends on the victim's session [1].
Impact
Successful exploitation allows an attacker to execute arbitrary JavaScript in the context of the victim's browser. This can lead to session cookie theft, enabling account takeover or privilege escalation if an admin user is targeted [1]. The vulnerability is classified as reflected XSS, though the same module also contains stored XSS vectors [1].
Mitigation
The issue was reported via a GitHub issue [1] but no official patch or fixed version has been confirmed. Users should validate and sanitize all user-supplied input before rendering in web pages, and implement Content-Security-Policy headers to reduce risk. As no fix is publicly available, upgrading to a secure version is not possible until the vendor releases a patch.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"The user management module fails to sanitize user input in the userName parameter, allowing for reflected cross-site scripting."
Attack vector
An attacker can exploit this vulnerability by sending a crafted request to the `/tianti-module-admin/user/list` endpoint. The request should include a malicious payload within the `userName` parameter, such as `"><img src=i onerror=alert(document.cookie)>`. This payload is then reflected in the application's response without proper encoding, leading to script execution in the victim's browser [ref_id=1].
Affected code
The vulnerability exists in the user management module, specifically within the `tianti-module-admin/user/list` endpoint. The `user_list.jsp` file receives data from the controller and displays it without adequate sanitization of user-provided input in the `userName` parameter [ref_id=1].
What the fix does
The advisory does not provide specific details on the patch or remediation steps. However, it suggests implementing global interceptors to validate incoming requests for potential threats and to sanitize special characters in responses to prevent XSS attacks [ref_id=1].
Preconditions
- networkThe attacker must be able to send a crafted HTTP request to the vulnerable endpoint.
- inputThe `userName` parameter must be controllable by the attacker.
Generated on Jun 3, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
1- github.com/xujeff/tianti/issues/27mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.