CVE-2018-11348

Name of the Vulnerable Software and Affected Versions YunoHost versions 2.7.2 through 2.7.14

Description The issue is related to two XSS vulnerabilities found in the profile edition page of the user panel of the YunoHost web application. These flaws can be exploited by injecting a JavaScript payload, potentially allowing manipulation of a user's session.

Recommendations For YunoHost versions 2.7.2 through 2.7.14, consider restricting access to the profile edition page of the user panel until a fix is available. As a temporary workaround, avoid using the profile edition feature to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.