MEDIUM🇵🇱 Wersja polska

CVE-2018-11348

CVSS 5.4v3.0pub. 2018-12-04upd. 2024-11-21

Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. By injecting a JavaScript payload, these flaws could be used to manipulate a user's session.

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • Yunohost

    OS
    Yunohost
    2.7.2 – 2.7.14
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
XSS
CWE
References

Related vulnerabilities

CVE-2018-11347HIGH8.8ten sam produkt

The YunoHost 2.7.2 through 2.7.14 web application is affected by one HTTP Response Header Injection. This flaw...

CVE-2020-36647MEDIUM5.5ten sam vendor

A vulnerability classified as critical has been found in YunoHost-Apps transmission_ynh. Affected is an unknow...