CVE-2018-11352

Name of the Vulnerable Software and Affected Versions Wallabag application versions 2.2.3 through 2.3.2

Description The issue is related to a cross-site scripting (XSS) vulnerability stored within the configuration page, which enables the execution of a JavaScript payload each time an administrator visits the configuration page. This can be exploited with authentication to target administrators and steal their sessions.

Recommendations For Wallabag application versions 2.2.3 through 2.3.2, as a temporary workaround, consider restricting access to the configuration page until a patch is available. Avoid using the configuration page with administrative privileges until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.