CVE-2018-18548 in ajenti
Summary
by MITRE
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
Analysis
by VulDB Data Team • 03/21/2025
The vulnerability CVE-2018-18548 represents a cross-site scripting flaw discovered in ajenticp, also known as the Ajenti Docker control panel, affecting versions up to and including v1.2.23.13. This issue resides within the File Manager component of the application where user-supplied filenames are improperly handled, creating an avenue for malicious actors to inject harmful scripts. The vulnerability stems from inadequate input validation and output encoding mechanisms that fail to properly sanitize filename parameters before they are rendered in the web interface.
Exploitation occurs when an attacker crafts a malicious filename containing script tags or other XSS payloads that are executed within the context of a victim's browser session. When the File Manager displays these filenames, the improperly escaped content is interpreted as executable JavaScript rather than plain text, allowing attackers to run arbitrary scripts against users who view the affected files. This flaw falls under CWE-79, which specifically addresses cross-site scripting vulnerabilities, and aligns with ATT&CK technique T1566.001 for initial access through spearphishing attachments that could contain malicious filenames.
The operational impact of this vulnerability extends beyond simple script execution as it can enable attackers to hijack user sessions, steal sensitive credentials, or perform unauthorized actions within the Ajenti control panel. Since the vulnerability affects the core File Manager functionality, attackers could potentially manipulate file listings, create malicious files, or redirect users to phishing sites. The persistent nature of this flaw means that any user with access to the File Manager component could be exposed to these attacks, particularly in multi-user environments where administrators might inadvertently click on malicious filenames.
Mitigation strategies for this vulnerability should focus on implementing proper input validation and output encoding mechanisms throughout the File Manager component. Organizations should immediately upgrade to the latest version of Ajenti where this vulnerability has been addressed, as the maintainers have released patches to sanitize filename inputs and properly escape all output. Additionally, implementing content security policies, enforcing strict input validation on all user-supplied data, and conducting regular security audits of web applications can help prevent similar issues. Network segmentation and user access controls should also be implemented to limit the potential damage from successful exploitation attempts.
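The output encoding called for above, as an added example that is not Ajenti's code and not part of the original advisory: a file-listing row built by plain concatenation beside one that encodes the filename for each output context. The function names, the /files/ URL layout and the sample filenames are assumptions constructed for illustration.

```javascript
// Added example (not Ajenti code): rendering untrusted filenames in a listing.
// Function names and the /files/ URL layout are hypothetical.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the filename is concatenated into markup as-is.
function renderRowUnsafe(name) {
  return '<li><a href="/files/' + name + '" title="' + name + '">' + name + '</a></li>';
}

// Hardened pattern: encode per output context.
function renderRowSafe(name) {
  // URL path segment first, then HTML-escape because it sits in an attribute.
  const href = escapeHtml('/files/' + encodeURIComponent(name));
  // The same escaping covers the quoted attribute value and the element text.
  const text = escapeHtml(name);
  return '<li><a href="' + href + '" title="' + text + '">' + text + '</a></li>';
}

// The row template emits exactly four '<' and four '"'. Any extra one means
// the filename was parsed as markup or broke out of an attribute.
function structureIntact(html) {
  const lt = (html.match(/</g) || []).length;
  const quotes = (html.match(/"/g) || []).length;
  return lt === 4 && quotes === 4;
}

// Constructed sample listing: one ordinary name, one carrying a tag,
// one carrying a double quote that would close the attribute.
const SAMPLE_NAMES = [
  'notes.txt',
  '<img src=x onerror=alert(1)>.txt',
  'a" onmouseover="alert(1).txt',
];

for (const name of SAMPLE_NAMES) {
  console.log(JSON.stringify(name),
    'unsafe intact:', structureIntact(renderRowUnsafe(name)),
    'safe intact:', structureIntact(renderRowSafe(name)));
}
```

The structureIntact check doubles as a regression test: run it over rendered rows for filenames containing each of the five escaped characters.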