2 vulnerabilities found for userSpice by UserSpice
CVE-2018-25350 (GCVE-0-2018-25350)
Vulnerability from cvelistv5 – Published: 2026-05-23 18:30 – Updated: 2026-05-23 18:30
Title
userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php
Summary
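userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system. Note that the impact described here is disclosure of account names only, whereas the CVSS vectors in this record rate confidentiality, integrity and availability impact as High; the 9.8 score should be checked against the described impact before it is used for prioritization.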
Severity ?
9.8 (Critical)
CWE
- CWE-204 - Observable Response Discrepancy
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44872 | exploit |
| https://www.vulncheck.com/advisories/userspice-username-enumeration-via-existingusernamecheck-php | third-party-advisory |
Date Public ?
2018-06-10 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "userSpice",
"vendor": "UserSpice",
"versions": [
{
"status": "affected",
"version": "4.3.24"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dolev Farhi"
}
],
"datePublic": "2018-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the \u0027taken\u0027 string to identify existing accounts in the system."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-204",
"description": "Observable Response Discrepancy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T18:30:51.228Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-44872",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/44872"
},
{
"name": "VulnCheck Advisory: userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/userspice-username-enumeration-via-existingusernamecheck-php"
}
],
"title": "userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25350",
"datePublished": "2026-05-23T18:30:51.228Z",
"dateReserved": "2026-05-23T15:34:00.756Z",
"dateUpdated": "2026-05-23T18:30:51.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-25349 (GCVE-0-2018-25349)
Vulnerability from cvelistv5 – Published: 2026-05-23 18:30 – Updated: 2026-05-24 01:36
Title
userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header
Summary
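userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header; the payloads execute when administrators visit the audit log page. Because the script runs on a later page view rather than in the response to the request itself, this appears to be a stored XSS: X-Forwarded-For is client-supplied and needs the same output encoding as any other request data when it is displayed in the log.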
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.exploit-db.com/exploits/44871 | exploit |
| https://www.vulncheck.com/advisories/userspice-cross-site-scripting-via-x-forwarded-for-header | third-party-advisory |
Date Public ?
2018-06-10 00:00
Credits
{
"containers": {
"cna": {
"affected": [
{
"product": "userSpice",
"vendor": "UserSpice",
"versions": [
{
"status": "affected",
"version": "4.3.24"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Dolev Farhi"
}
],
"datePublic": "2018-06-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "userSpice 4.3.24 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the X-Forwarded-For HTTP header. Attackers can send crafted requests to the backup.php endpoint with XSS payloads in the X-Forwarded-For header that execute when administrators visit the audit log page."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "LOW",
"userInteraction": "ACTIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS"
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-24T01:36:19.521Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"name": "ExploitDB-44871",
"tags": [
"exploit"
],
"url": "https://www.exploit-db.com/exploits/44871"
},
{
"name": "VulnCheck Advisory: userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header",
"tags": [
"third-party-advisory"
],
"url": "https://www.vulncheck.com/advisories/userspice-cross-site-scripting-via-x-forwarded-for-header"
}
],
"title": "userSpice 4.3.24 Cross-Site Scripting via X-Forwarded-For Header",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2018-25349",
"datePublished": "2026-05-23T18:30:50.474Z",
"dateReserved": "2026-05-23T15:33:04.251Z",
"dateUpdated": "2026-05-24T01:36:19.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}