PT-2018-14907 · Valine · Valine
Passer6Yo · Published 2018-11-15 · Updated 2020-08-24 · CVE-2018-19289
CVSS v3.1: 6.1 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Valine version 1.3.3
Description
An issue in Valine allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.
Recommendations
For Valine version 1.3.3, consider disabling the ability to embed files, especially .pdf files, until a patch is available to prevent HTML injection and potential JavaScript execution.
Exploit
Fix
XSS
Weakness Enumeration
Related identifiers
Affected products
Valine