PT-2018-15018 · Statamic · Statamic
Publicado
2018-12-19
·
Atualizado
2019-02-26
·
CVE-2018-19598
CVSS v3.1
4.8
Média
| Vetor | AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Statamic version 2.10.3
Description
The issue allows for XSS attacks through the
First Name or Last Name fields in an 'Add new user' request to the "/users" API endpoint.Recommendations
For version 2.10.3, avoid using the
First Name or Last Name fields in the 'Add new user' request to the "/users" API endpoint until a fix is available. As a temporary workaround, consider validating and sanitizing user input for these fields to minimize the risk of exploitation.Exploit
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Statamic