VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 17, 2018· Updated Aug 5, 2024

CVE-2018-19771

CVE-2018-19771

Description

Cross Site Scripting exists in InfoVista VistaPortal SE Version 5.1 (build 51029). The page "EditCurrentPool.jsp" has reflected XSS via the PropName parameter.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Reflected XSS in InfoVista VistaPortal SE 5.1 (build 51029) via PropName parameter in EditCurrentPool.jsp.

Vulnerability

A reflected cross-site scripting (XSS) vulnerability exists in InfoVista VistaPortal SE version 5.1 (build 51029). The page EditCurrentPool.jsp does not properly sanitize user input supplied via the PropName HTTP GET parameter, allowing an attacker to inject arbitrary HTML or JavaScript code.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious URL containing a JavaScript payload in the PropName parameter. The victim must be tricked into clicking the crafted link. No authentication or special privileges are required for the attacker to deliver the payload.

Impact

Successful exploitation allows the attacker to execute arbitrary JavaScript code in the context of the victim's browser session. This can lead to session hijacking, credential theft, defacement, or redirection to malicious sites.

Mitigation

As of the publication date, no official patch or vendor advisory has been released. The only reference is a public disclosure [1]. Mitigations include input validation and encoding of the PropName parameter, or the use of a web application firewall (WAF) to block malicious requests.

References
  1. Packet Storm

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.